Project

General

Profile

Feature #12639

Upgrade Thunderbird to 52.x

Added by intrigeri almost 3 years ago. Updated over 2 years ago.

Status:
Resolved
Priority:
Elevated
Assignee:
-
Category:
-
Target version:
Start date:
06/05/2017
Due date:
% Done:

100%

Feature Branch:
feature/12639-thunderbird-52
Type of work:
Code
Blueprint:
Starter:
Affected tool:
Email Client

Description

Tails 3.0 will ship Thunderbird 48.x. And icedove (1:52.1.1-1) just made it into the Debian NEW queue, woohoo! We should check if we have to upgrade to 52.x in Tails 3.1, or if this can wait until Tails 3.2, and draw plans accordingly. I'll handle the initial assessment and will ask for help if needed.


Related issues

Related to Tails - Bug #13530: ISO builds are broken by weird enigmail situation Resolved 07/29/2017
Related to Tails - Bug #12680: Persistent Thunderbird blocks future 0000tails.js prefs changes Resolved 06/10/2017
Blocks Tails - Feature #13234: Core work 2017Q3: Foundations Team Resolved 06/29/2017

Associated revisions

Revision f9bc4003 (diff)
Added by intrigeri over 2 years ago

Keep installing a version of Enigmail that's compatible with Thunderbird 45.x (refs: #13530, #12639).

We will ship Thunderbird 45.x in Tails 3.1, but
stretch/updates (debian-security) now includes Enigmail 2:1.9.8.1-1~deb9u1, that
depends on Thunderbird 52. So let's install 2:1.9.7-2 instead, as we did in
Tails 3.0 and 3.0.1.

Revision 1bf21265 (diff)
Added by anonym over 2 years ago

Fix Thunderbird release process for versions >= 52.

Refs: #12639

Revision 7deeb83f (diff)
Added by anonym over 2 years ago

Add the feature-12639-thunderbird-52 APT overlay.

Will-fix: #12639

Revision 3d094766 (diff)
Added by anonym over 2 years ago

Remove freeze exceptions added for #13530.

Now that we install Thunderbird >=52 we can install Enigmail from
Debian again.

Refs: #12639

Revision 2c7e4969 (diff)
Added by intrigeri over 2 years ago

Fix typo (refs: #12639).

Revision bd566e88
Added by intrigeri over 2 years ago

Merge branch 'feature/12639-thunderbird-52' into devel (Fix-committed: #12639).

Revision ebdf3c0d (diff)
Added by intrigeri about 1 year ago

Manual test suite: clarify bits of the "Reproducibility" section (refs: #12639)

Following up on issues observed the first time someone did it
since my last updates.

History

#1 Updated by intrigeri almost 3 years ago

52.1.1-1 has no security fixed that 45.8.0 would lack, so let's wait for a newer release.

#2 Updated by intrigeri almost 3 years ago

52.2 is out, and here's the MFSA: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/. It has a header that reads "In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts." which sounds good, except… i n general. Looking closer, indeed most of these bugs seem impossible to exploit in our default Thunderbird configuration (raw-text body, no HTML). So I think we could reasonably stick to our current Thunderbird packages for Tails 3.1. Still, once 52.2 is available in Debian (and I bet it'll make it into the Stretch security repo) we should give it a try: if the upgrade is simple, let's be on the safe side and better protect even those of our users who need to read HTML email occasionally. So I'll keep this ticket on my radar for a little bit longer.

#3 Updated by intrigeri almost 3 years ago

  • Assignee changed from intrigeri to anonym
  • Target version changed from Tails_3.1 to Tails_3.2

intrigeri wrote:

we should give it a try: if the upgrade is simple, let's be on the safe side and better protect even those of our users who need to read HTML email occasionally. So I'll keep this ticket on my radar for a little bit longer.

I've tried it, and spent 3 hours following (and fixing) the release process doc; sadly, the resulting branch FTBFS. I've pushed all my work to Git.

So the upgrade is not as simple as I would have hoped => postponing to 3.2.

#4 Updated by intrigeri almost 3 years ago

  • Status changed from Confirmed to In Progress
  • % Done changed from 0 to 10
  • Feature Branch set to feature/12639-thunderbird-52.2.0-1

#5 Updated by intrigeri almost 3 years ago

#6 Updated by intrigeri over 2 years ago

icedove 1:52.2.1-4~deb9u1 entered NEW, which should make it easier to update our custom package.

#7 Updated by intrigeri over 2 years ago

  • Related to Bug #13530: ISO builds are broken by weird enigmail situation added

#8 Updated by intrigeri over 2 years ago

When doing this we'll need to ensure we thaw the enigmail version that #13530 will add to our custom APT repo, and switch to the current version in stretch/updates (security repo).

#9 Updated by intrigeri over 2 years ago

  • Priority changed from Normal to Elevated

(Highlighting non-trivial tickets that have to be done in time for 3.2.)

#10 Updated by intrigeri over 2 years ago

  • Related to Bug #12680: Persistent Thunderbird blocks future 0000tails.js prefs changes added

#11 Updated by intrigeri over 2 years ago

52.3.0-4~deb9u1 was uploaded to stretch/security two days ago.

#12 Updated by anonym over 2 years ago

  • Feature Branch changed from feature/12639-thunderbird-52.2.0-1 to feature/12639-thunderbird-52

#13 Updated by anonym over 2 years ago

  • Assignee changed from anonym to intrigeri
  • % Done changed from 10 to 50
  • QA Check set to Ready for QA
  • The full thunderbird.feature passed on my system.
  • My manual testing also worked.

#14 Updated by intrigeri over 2 years ago

Added two fixes (c485d4653685d0e1c393a035ae4de63359f8be23 and 2c7e4969f2c22d3897297895f8cc6ad106912724) on top. I admit I didn't test these changes but oh well: one typo in a comment and indentation fixes. Other than that, code review passes.

Congrats (again) for automating the Enigmail version update!

Wrt. the release process update:

  • Good that you've improved it! Looks like the work I did on this documentation in June raised your expectations up to the "I should be able to follow this doc and things should just work" level, which is exactly how it should be :)
  • I'd rather see the full Debian package version (including epoch) used in $VERSION instead of assuming the epoch will be "1" forever and hardcoding it everywhere else (that's not a regression brought by your branch, I just noticed it in the diff).
  • "thunderbird Debian release 1:${TAILS_VERSION:?}" seems wrong: we're releasing this to Tails, not to Debian.

I don't get this change (if --follow-tags is not enough, then likely the tag doesn't point to the right place, so perhaps we'd better not push it):

-        git push --follow-tags origin tails/stretch && \
+        git push --follow-tags origin ${NEW_GBP_TAG:?} tails/stretch && \

None of this is a blocker, of course.

I'll now test manually and will hopefully merge by 7pm CEST.

#15 Updated by intrigeri over 2 years ago

Tested using a profile that was previously configured on an older Tails, works fine. Deleted profile.default, and then the account setup wizard triggers and works as expected. I can read email over IMAP and send email. I tested Enigmail a bit since we got a new version: I could create a keypair, send encrypted email and read encrypted email. Going to merge!

Clicking a HTTPS URL doesn't immediately open Tor Browser: instead I see a dialog that allows me to choose an application; thankfully Tor Browser is the default and works fine. I see the same behaviour on 3.1, but perhaps it should be treated as a bug? Please file a ticket if that's not done on purpose or already tracked elsewhere. Certainly not an emergency (don't even bother assigning it to anyone) but still.

#16 Updated by intrigeri over 2 years ago

  • Status changed from In Progress to 11
  • % Done changed from 50 to 100

#17 Updated by intrigeri over 2 years ago

  • Assignee deleted (intrigeri)
  • QA Check changed from Ready for QA to Pass

#18 Updated by anonym over 2 years ago

  • Status changed from 11 to Resolved

Also available in: Atom PDF