Welcome!
Important information
-- Spectre and Meltdown vulnerabilities
-- Change in MX sources

News
-- MX Linux on social media: here
-- Mepis support still here

Current releases
-- MX-17.1 Final release info here
-- antiX-17 release info here

New users
-- Please read this first, and don't forget to add system and hardware information to posts!
-- Here are the Forum Rules

MX 17 Repository: The Thunderbird Thread

Post Reply
Message
Author
User avatar
mmikeinsantarosa
Forum Guide
Forum Guide
Posts: 2371
Joined: Thu May 01, 2014 10:12 am

MX 17 Repository: The Thunderbird Thread

#1 Post by mmikeinsantarosa » Wed Nov 29, 2017 11:14 am

The latest thunderbird-52.5.0 is now available to upgrade to. This one does include a critical security fix.
Security vulnerabilities fixed in Thunderbird 52.5
ANNOUNCED
November 23, 2017
IMPACT
CRITICAL
PRODUCTS
Thunderbird
FIXED IN
Thunderbird 52.5
In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts.

#CVE-2017-7828: Use-after-free of PressShell while restyling layout

REPORTER
Nils
IMPACT
CRITICAL
Description

A use-after-free vulnerability can occur when flushing and resizing layout because the PressShell object has been freed while still in use. This results in a potentially exploitable crash during these operations.

References

Bug 1406750
Bug 1412252
#CVE-2017-7830: Cross-origin URL information leak through Resource Timing API

REPORTER
Jun Kokatsu
IMPACT
HIGH
Description

The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users.

References

Bug 1408990
#CVE-2017-7826: Memory safety bugs fixed in Firefox 57, Firefox ESR 52.5, and Thunderbird 52.5

REPORTER
Mozilla developers and community
IMPACT
CRITICAL
Description

Mozilla developers and community members Christian Holler, David Keeler, Jon Coppeard, Julien Cristau, Jan de Mooij, Jason Kratzer, Philipp, Nicholas Nethercote, Oriol Brufau, André Bargull, Bob Clary, Jet Villegas, Randell Jesup, Tyson Smith, Gary Kwong, and Ryan VanderMeulen reported memory safety bugs present in Firefox 56, Firefox ESR 52.4, and Thunderbird 52.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.

References
For more info, check out the release notes at the mozilla site.

- mike
LT: MX17.1 Quad Core model: Intel Core i7-6820HQ Kernel: 4.16.0-12.1-liquorix-amd64 (64 bit)
DT: Intel(R) Core i5-3.1GHz Kernel~3.9-1-mepis64 x86_64

User avatar
mmikeinsantarosa
Forum Guide
Forum Guide
Posts: 2371
Joined: Thu May 01, 2014 10:12 am

Re: MX 17 Repository: The Thunderbird Thread

#2 Post by mmikeinsantarosa » Wed Jan 31, 2018 1:03 pm

thunderbird_52.6.0 is now available to upgrade to. Critical security fixes were made on this release.

Upgrading is advised.

- mike
LT: MX17.1 Quad Core model: Intel Core i7-6820HQ Kernel: 4.16.0-12.1-liquorix-amd64 (64 bit)
DT: Intel(R) Core i5-3.1GHz Kernel~3.9-1-mepis64 x86_64

User avatar
Jerry3904
Forum Veteran
Forum Veteran
Posts: 22420
Joined: Wed Jul 19, 2006 6:13 am

Re: MX 17 Repository: The Thunderbird Thread

#3 Post by Jerry3904 » Wed Jan 31, 2018 1:04 pm

No hiccups here, thanks for keeping up with this.
Production: 4.15.0-1-amd64, MX-17.1, AMD FX-4130 Quad-Core, GeForce GT 630/PCIe/SSE2, 8 GB, Kingston SSD 120 GB and WesternDigital 1TB
Testing: AAO 722: 4.15.0-1-386. MX-17.1, AMD C-60 APU, 4 GB

User avatar
mmikeinsantarosa
Forum Guide
Forum Guide
Posts: 2371
Joined: Thu May 01, 2014 10:12 am

Re: MX 17 Repository: The Thunderbird Thread

#4 Post by mmikeinsantarosa » Sun Mar 25, 2018 6:31 pm

thunderbird-52.7 is now available to upgrade to.
Fixed - Searching message bodies of messages in local folders, including filter and quick filter operations, did not find content in message attachments
Fixed - Better error handling for Yahoo accounts
Fixed - Various critical security fixes
Note: Probably a good idea to upgrade to get the security fixes.

See the release notes page for more information.

- mike
LT: MX17.1 Quad Core model: Intel Core i7-6820HQ Kernel: 4.16.0-12.1-liquorix-amd64 (64 bit)
DT: Intel(R) Core i5-3.1GHz Kernel~3.9-1-mepis64 x86_64

User avatar
Eadwine Rose
Forum Veteran
Forum Veteran
Posts: 6006
Joined: Wed Jul 12, 2006 2:10 am

Re: MX 17 Repository: The Thunderbird Thread

#5 Post by Eadwine Rose » Mon Mar 26, 2018 2:54 pm

Thanks Mike :)
MX-17.1_x64 Horizon 14-3-2018 * 4.15.0-1-amd64 ext4 Xfce 4.12.3 * AMD Asus M4A785TD-V EVO AM3 * ASUS GF GT640-1GD5-L NVIDIA 384.130 * AMD Proc. Athl II X4 635, sAM3 * HDA ATI SB VT1708S An * 2x4Gb DDR3 1600 Kingst * 22" Samsung SyncM P2250 * HP F2280

User avatar
fehlix
Forum Guide
Forum Guide
Posts: 1486
Joined: Wed Apr 11, 2018 5:09 pm

Re: MX 17 Repository: The Thunderbird Thread

#6 Post by fehlix » Sun Jun 03, 2018 6:19 pm

Within in another thread here I tried to provide a solution to sort out the
localization issue we had for getting thunderbird full localized easier for the user.

After some discussions with mmikeinsantarosa and stevo I have tried stevo's proposal
to use debian provided version instead of mx-provided mozilla-version.
And yes, the debian-version will sort out the l10n-issue just out of the box,
without any tweaking!
Based on this, here is now my new proposal to finally have sorted the language issues:

The Situation:
We do have within mx-repo and debian-stable repo two identical thundebird versions.
The package-version in mx-repo is higher than the debian-version so that it gets installed by default.
The mx-version based on mozilla includes the calendar lightning, whereas the debian version
provides the calendar within an extra lightning-package.

The Challenge:
How to install the version from debian-repo which has a lower package-version number than the mx-repo without breaking anything else and without get upgraded to the higher mx-package version from the mx-repo? How to receive further updates from debian, without holding just the current debian-version? How to include the calandar into the debian version so it will be always available for the user as it was before when he just was installing thunderbird?

The Solution:
Without doing any re-packaging or any further big development work and without
breaking any dependency the solution is provided here within 2 steps:
1. Make apt-package manager accept to install and update debian's version from debian repo
with upgrading from mx-provided mozilla-version by applying the following apt-preferences:

Code: Select all

## apt-preferences: /etc/apt/preferences.d/debian-thunderbird.pref
##
## this will make apt to prefer debian's provided thunderbird  
## 
Package: thunderbird
Pin: release o=Debian,a=stable,n=stretch
Pin-Priority: 1001
2. Make MX Package Installer (MXPI) to install thunderbird+lightning together
as one 'meta' combo-pack and have all debian provided languages for the thundebird-lightning
combo available as one lang-'meta'-pack combo also.
To create the correct MXPI package-list for all debian provided languages is just matter for
running a little script. The is actually fairly easy exercise and would not require any
development work.
It's even better to generate all MXPI menu-entries for all debian provided languages
than to manually adjust or modify the existing one's. Not to mention that within the current
MXPI langpacks we already missing some languages which are officially available.

The Migration:
To make sure to migrate exiting thunderbirds together with the user installed mx-language-packs
to the debian-version we just need to include into an apt-preference-package within
the pre- and post install steps to check which langpacks are needed do a reinstall of debians
version for both thunderbird-and lightning lang-packs!
Such an apt-preference-package could be included e.g. either with mx-apps- or mx-systems-metapack!

The End:
Any comments, corrections or concerns are welcome!
:puppy:
--fehlix
Gigabyte Z77M-D3H, Intel Xeon E3-1240 V2 (Quad core), 32GB RAM,
GeForce GTX 770, Samsung SSD 850 EVO 500GB, Seagate Barracuda 4TB

User avatar
mmikeinsantarosa
Forum Guide
Forum Guide
Posts: 2371
Joined: Thu May 01, 2014 10:12 am

Re: MX 17 Repository: The Thunderbird Thread

#7 Post by mmikeinsantarosa » Sun Jun 03, 2018 7:04 pm

I'm camping all week and not in a position to do much.
LT: MX17.1 Quad Core model: Intel Core i7-6820HQ Kernel: 4.16.0-12.1-liquorix-amd64 (64 bit)
DT: Intel(R) Core i5-3.1GHz Kernel~3.9-1-mepis64 x86_64

User avatar
Stevo
Forum Veteran
Forum Veteran
Posts: 16177
Joined: Fri Dec 15, 2006 8:07 pm

Re: MX 17 Repository: The Thunderbird Thread

#8 Post by Stevo » Sun Jun 03, 2018 7:28 pm

That looks really good to me, and I can't see any thing that should block the transition.

User avatar
Stevo
Forum Veteran
Forum Veteran
Posts: 16177
Joined: Fri Dec 15, 2006 8:07 pm

Re: MX 17 Repository: The Thunderbird Thread

#9 Post by Stevo » Tue Jun 05, 2018 2:01 pm

Since the language packages have differentbase names , the only way I can think of to have an automatic changeover to the new versions is to add dummy packages for the old names that depend on the equivalent new langpacks, which requires a lot of editing of the control file, the user ends up with a dummy package installed unless they manually remove it, and we are stuck with that system from now on.

The alternative is to just manage the changeover with a script, but that depends on having the user execute that command, something like "sudo langpack-switch".

So...what are your thoughts?

User avatar
fehlix
Forum Guide
Forum Guide
Posts: 1486
Joined: Wed Apr 11, 2018 5:09 pm

Re: MX 17 Repository: The Thunderbird Thread

#10 Post by fehlix » Tue Jun 05, 2018 2:39 pm

Stevo wrote:
Tue Jun 05, 2018 2:01 pm
Since the language packages have differentbase names , the only way I can think of to have an automatic changeover to the new versions is to add dummy packages for the old names that depend on the equivalent new langpacks, which requires a lot of editing of the control file, the user ends up with a dummy package installed unless they manually remove it, and we are stuck with that system from now on.

The alternative is to just manage the changeover with a script, but that depends on having the user execute that command, something like "sudo langpack-switch".
From user perspective the smoothest transition to the debian based packages would be to have for all l10n-xpi-LANG-packages higher version-ed dummy meta-packs, which would pull in during update the required debian lang packs.
Any alternative which requires a manual actions from the user will certainly dramatically increase the number of help-post's within this forum about missing languages within thunderbird .
--fehlix
Gigabyte Z77M-D3H, Intel Xeon E3-1240 V2 (Quad core), 32GB RAM,
GeForce GTX 770, Samsung SSD 850 EVO 500GB, Seagate Barracuda 4TB

Post Reply

Return to “Package Requests/Status - MX 17”