e83494febcd1e213ce6f1dc6953db4ce87d4ba07: Bug 1464391 - Use appropriate flags when serialising HTML in mimeTextHTMLParsed.cpp. r=BenB a=jorgk DONTBUILD
Jorg K <jorgk@jorgk.com> - Fri, 25 May 2018 05:42:00 +0200 - rev 28237
Push 2082 by mozilla@jorgk.com at Sat, 26 May 2018 12:36:30 +0000
Bug 1464391 - Use appropriate flags when serialising HTML in mimeTextHTMLParsed.cpp. r=BenB a=jorgk DONTBUILD
e3e80074c7e10f6dbcd596001b1e995e4f78a492: Bug 1419417 - revert temporary fix from bug 1457721. r=mkmelin a=jorgk
Jorg K <jorgk@jorgk.com> - Mon, 21 May 2018 18:49:39 +0200 - rev 28236
Push 2081 by mozilla@jorgk.com at Tue, 22 May 2018 07:24:56 +0000
Bug 1419417 - revert temporary fix from bug 1457721. r=mkmelin a=jorgk
6b77778b904037f6f603a9424deb6e98cf3e1e97: Bug 1419417 - adjust test expectancy. r=mkmelin,BenB a=jorgk
Jorg K <jorgk@jorgk.com> - Mon, 21 May 2018 18:48:59 +0200 - rev 28235
Push 2081 by mozilla@jorgk.com at Tue, 22 May 2018 07:24:56 +0000
Bug 1419417 - adjust test expectancy. r=mkmelin,BenB a=jorgk
6eca16d60d9031dce68473eb3e1693116e4df3c1: Bug 1419417 - Parse HTML to make sure that tags and attributes are properly closed. r=mkmelin,jorgk a=jorgk
Ben Bucksch <ben.bucksch@beonex.com> - Mon, 21 May 2018 18:44:41 +0200 - rev 28234
Push 2081 by mozilla@jorgk.com at Tue, 22 May 2018 07:24:56 +0000
Bug 1419417 - Parse HTML to make sure that tags and attributes are properly closed. r=mkmelin,jorgk a=jorgk This fixes the efail <http://efail.de> security bug, which opens a HTML tag or attribute in an HTML MIME part, then puts in a PGP-encrypted part, and then another HTML part with the closing quote or tag. This could be e.g. <img src=' or <form><textarea>, CSS URL or similar features that send out the following text as URL and therefore leak it to the attacker who crafted the email. The PGP part will then be decrypted and leak. The bug was that we just passed HTML through verbatim. The frontend does not have any further precautions, either. The correct solution here is to jail each MIME part into a separate <iframe type="content"> in the UI. However, we don't want one scrollbar for each MIME part, but one scroll for the entire body. <iframe seamless> would allow that, but it was never implemented in Firefox and is now dead. We might later find a workaround, but this is more work and can't be done short term. The fix here in libmime first parses the HTML that we get in the HTML MIME part, and then immediately serialized it again. That ensures that the HTML document is complete, syntactically correct, and all tags and attributes are properly closed, before we start with the next MIME part.
4c8746e63c32a6389f501d052b6c2e63b2765192: Bug 1462481 - Follow-up: fix "Context-Type", fix typo in comment and remove comment referencing future code. r=me a=jorgk
Jorg K <jorgk@jorgk.com> - Mon, 21 May 2018 00:19:38 +0200 - rev 28233
Push 2081 by mozilla@jorgk.com at Tue, 22 May 2018 07:24:56 +0000
Bug 1462481 - Follow-up: fix "Context-Type", fix typo in comment and remove comment referencing future code. r=me a=jorgk
fd71eff2a0046cf8488d03f7a0e4413201fbfb69: Bug 1462481 - fix white-space issues in mimethsa.cpp. rs=white-space-only a=jorgk
Jorg K <jorgk@jorgk.com> - Sat, 19 May 2018 22:42:29 +0200 - rev 28232
Push 2081 by mozilla@jorgk.com at Tue, 22 May 2018 07:24:56 +0000
Bug 1462481 - fix white-space issues in mimethsa.cpp. rs=white-space-only a=jorgk [skip-blame]
cc471639dc646fc346579875a78196ee4e14ea0b: Bug 1462481 - clean up MIME's HTML sanitizer class. r=mkmelin,jorgk a=jorgk
Ben Bucksch <ben.bucksch@beonex.com> - Thu, 17 May 2018 15:11:00 +0200 - rev 28231
Push 2081 by mozilla@jorgk.com at Tue, 22 May 2018 07:24:56 +0000
Bug 1462481 - clean up MIME's HTML sanitizer class. r=mkmelin,jorgk a=jorgk
c800d87ff15e9ffc26fb76bdf50d56aa7921ff83: Added THUNDERBIRD_52_8_0_RELEASE THUNDERBIRD_52_8_0_BUILD1 tag(s) for changeset a3e98a4c87a9. DONTBUILD CLOSED TREE a=release THUNDERBIRD5280_2018051617_RELBRANCH
tbirdbld - Wed, 16 May 2018 17:52:12 -0400 - rev 28230
Push 2080 by tbirdbld at Wed, 16 May 2018 21:52:18 +0000
Added THUNDERBIRD_52_8_0_RELEASE THUNDERBIRD_52_8_0_BUILD1 tag(s) for changeset a3e98a4c87a9. DONTBUILD CLOSED TREE a=release
a3e98a4c87a91c1455da12289810bba4dd63b1ee: Automated checkin: version bump for thunderbird 52.8.0 release. DONTBUILD CLOSED TREE a=release THUNDERBIRD5280_2018051617_RELBRANCH THUNDERBIRD_52_8_0_BUILD1 THUNDERBIRD_52_8_0_RELEASE
tbirdbld - Wed, 16 May 2018 17:52:10 -0400 - rev 28229
Push 2080 by tbirdbld at Wed, 16 May 2018 21:52:18 +0000
Automated checkin: version bump for thunderbird 52.8.0 release. DONTBUILD CLOSED TREE a=release
3112e25f905d0423f6f433a385f8c015a254c1e9: Bug 1460726: Use https for internal pypi in installmozmill; rs=bustage-fix a=me
Tom Prince <mozilla@hocat.ca> - Wed, 16 May 2018 09:56:29 -0600 - rev 28228
Push 2079 by mozilla@hocat.ca at Wed, 16 May 2018 15:58:41 +0000
Bug 1460726: Use https for internal pypi in installmozmill; rs=bustage-fix a=me
39a9f1a0d89b144248a7583029fc2d00db59bf01: No bug, Automated blocklist update from host bld-linux64-spot-326 - a=blocklist-update
tbirdbld - Wed, 16 May 2018 03:10:37 -0700 - rev 28227
Push 2078 by tbirdbld at Wed, 16 May 2018 10:10:40 +0000
No bug, Automated blocklist update from host bld-linux64-spot-326 - a=blocklist-update
0ff181e14e7f2c8c5ecb8aad658a3cc29031213c: Bug 1460726: Environment variables are strings; rs=bustage-fix a=me
Tom Prince <mozilla@hocat.ca> - Tue, 15 May 2018 23:57:07 -0600 - rev 28226
Push 2077 by mozilla@hocat.ca at Wed, 16 May 2018 05:57:26 +0000
Bug 1460726: Environment variables are strings; rs=bustage-fix a=me
2039414ea21c481e1419a7040e3f5202072247c9: Bug 1460726 - Follow-up: Add |.get|. rs=bustage-fix a=jorgk
Philipp Kewisch - Tue, 15 May 2018 19:58:34 +0200 - rev 28225
Push 2076 by mozilla@jorgk.com at Tue, 15 May 2018 18:01:22 +0000
Bug 1460726 - Follow-up: Add |.get|. rs=bustage-fix a=jorgk
835aa204b328f062d2b315b2a42b1dbb8d380b30: Bug 1460726 - Follow-up: fix typo. rs=bustage-fix,typo-only a=jorgk
Jorg K <jorgk@jorgk.com> - Tue, 15 May 2018 19:40:31 +0200 - rev 28224
Push 2075 by mozilla@jorgk.com at Tue, 15 May 2018 17:41:02 +0000
Bug 1460726 - Follow-up: fix typo. rs=bustage-fix,typo-only a=jorgk
48295e2bf1df191ef4ec3010d496030ea8164730: Bug 1460726 - Install packages from internal pypi mirror. r=philipp a=philipp
Tom Prince <mozilla@hocat.ca> - Tue, 15 May 2018 14:43:36 +0200 - rev 28223
Push 2074 by mozilla@jorgk.com at Tue, 15 May 2018 12:46:07 +0000
Bug 1460726 - Install packages from internal pypi mirror. r=philipp a=philipp
15fa303c5f10d87034a24d9276342b38d93850fa: No bug, Automated blocklist update from host bld-linux64-spot-326 - a=blocklist-update
tbirdbld - Tue, 15 May 2018 03:10:39 -0700 - rev 28222
Push 2073 by tbirdbld at Tue, 15 May 2018 10:10:43 +0000
No bug, Automated blocklist update from host bld-linux64-spot-326 - a=blocklist-update
186f453358f0eec029a854d4a62698b4c73ba0dc: merge rev b6dbcbdec116 to SEAMONKEY_2_49_ESR_RELBRANCH. a=frg SEAMONKEY_2_49_ESR_RELBRANCH
Frank-Rainer Grahl <frgrahl@gmx.net> - Mon, 14 May 2018 09:01:12 +0200 - rev 28221
Push 2072 by frgrahl@gmx.net at Mon, 14 May 2018 07:02:35 +0000
merge rev b6dbcbdec116 to SEAMONKEY_2_49_ESR_RELBRANCH. a=frg
d3380b0a4ffd5b1fa556f1b42451359148485131: merge rev b6dbcbdec116 to SEAMONKEY_2_49_ESR_RELBRANCH. a=frg SEA_COMM5270_20180329_RELBRANCH
Frank-Rainer Grahl <frgrahl@gmx.net> - Mon, 14 May 2018 08:50:44 +0200 - rev 28220
Push 2071 by frgrahl@gmx.net at Mon, 14 May 2018 06:51:48 +0000
merge rev b6dbcbdec116 to SEAMONKEY_2_49_ESR_RELBRANCH. a=frg
b6dbcbdec1163a132c30ece7f118ac29e7b73d08: Bug 1268031 - Missing space in composer_help.xhtml; r=frg, a=IanN
rsx11m <rsx11m.pub@gmail.com> - Fri, 11 May 2018 16:27:59 -0500 - rev 28219
Push 2070 by rsx11m.pub@gmail.com at Sun, 13 May 2018 13:56:06 +0000
Bug 1268031 - Missing space in composer_help.xhtml; r=frg, a=IanN
886b0e10bafa7471e3daeebb338215f99c508ef4: Bug 1411592 - prevent remote content for encrypted S/MIME messages. r=jorgk a=jorgk
Magnus Melin <mkmelin+mozilla@iki.fi> - Sun, 22 Apr 2018 23:53:31 +0300 - rev 28218
Push 2069 by mozilla@jorgk.com at Wed, 09 May 2018 23:02:28 +0000
Bug 1411592 - prevent remote content for encrypted S/MIME messages. r=jorgk a=jorgk
(0) -10000 -3000 -1000 -300 -100 -50 -20 +20 +50 +100 tip