Project

General

Profile

Bug #16037

Upgrade Thunderbird to 1:60.2.1-1

Added by intrigeri over 1 year ago. Updated over 1 year ago.

Status:
Resolved
Priority:
Elevated
Assignee:
-
Category:
-
Target version:
Start date:
10/10/2018
Due date:
% Done:

100%

Feature Branch:
Type of work:
Code
Blueprint:
Starter:
Affected tool:
Email Client

Related issues

Blocks Tails - Feature #15506: Core work 2018Q4: Foundations Team Resolved 04/08/2018

Associated revisions

Revision dc27c9c2 (diff)
Added by intrigeri over 1 year ago

Enable the bugfix-16037-upgrade-thunderbird-to-60.2.1 APT overlay (refs: #16037).

Revision e2a7efeb (diff)
Added by intrigeri over 1 year ago

Declare Torbirdy as compatible with Thunderbird 60.* (refs: #16037).

Revision ac063e74
Added by intrigeri over 1 year ago

Merge branch 'bugfix/16037-upgrade-thunderbird-to-60.2.1' into stable (Fix-committed: #16037)

History

#1 Updated by intrigeri over 1 year ago

#2 Updated by intrigeri over 1 year ago

  • Assignee set to CyrilBrulebois

Can you take this one? (Sorry I did not take notes at the FT meeting of who said they could take a little bit more work. I think in the future I'll introduce the idea of note-taking at these meetings, limited to such critical info.)

#3 Updated by intrigeri over 1 year ago

Ping? I think you've got plenty of other work to do, so unless you tell me today that you want to handle this one and can put it in mergeable state by the end of the week, I'll take it over tomorrow or Monday early morning.

#4 Updated by CyrilBrulebois over 1 year ago

I'm working on this update, sorry for not letting you know sooner.

#5 Updated by intrigeri over 1 year ago

I'm working on this update,

Excellent!

sorry for not letting you know sooner.

That's fine :)

#6 Updated by CyrilBrulebois over 1 year ago

This is a copy of what I sent to Carsten a moment ago:

Looking at 60.2.1 for Tails, I'm wondering what your plans for
stretch(-security) are. The whole l10n re-architecturing seems a little
out of scope for an update to stable (even for one of those Mozilla
products, which are close to be given carte blanche).

I've prepared a debian/backportable-sid (for the lack of a better name)
in my repository, reverting “unwanted” commits on top of the debian/sid
branch, and updated the debian/stretch branch by merging it in there.

I haven't test-built it yet, but I wanted to share this with you right
away:
https://salsa.debian.org/kibi/thunderbird/tree/debian/backportable-sid
https://salsa.debian.org/kibi/thunderbird/tree/debian/stretch

I'll keep you posted with the build results; my Tails team mates will
likely monitor my progress on our ticket:
https://labs.riseup.net/code/issues/16037

Feedback welcome, as always!

Once I'm done test-building this branch, I'll move to merging it into our Tails branch (reverting bits added from anonym, backporting fixes) and checking what happens in a Tails environment.

#7 Updated by CyrilBrulebois over 1 year ago

It seems I was wrong in assuming I would have to revert those patches: they still apply with 60.2.1.

Looking at the upstream bug report, it seems Thunderbird is considered as non-affected?

Mozilla#1493900 doesn't even list thunderbird at all.

Mozilla#1493903 seems to have had thunderbird listed but after some on and off, it seems to be considered as not affected? At least that's how I understand comment #20 there.

Also, both https://security-tracker.debian.org/tracker/CVE-2018-12386 & https://security-tracker.debian.org/tracker/CVE-2018-12387 mention the firefox and firefox-esr packages only.

Should we keep our patches just in case? Do we have any contacts on the Thunderbird side to get a definitive opinion on the appropriateness of those fixes?

#8 Updated by CyrilBrulebois over 1 year ago

intrigeri: I've reached the 2-hour mark on this topic BTW (1h to figure out sid→stretch, 0.25h for the (proposed) debian/stretch → tails/stretch merge, 0.75h for the initial research on the security bugs); so warning you as agreed.

#9 Updated by intrigeri over 1 year ago

intrigeri: I've reached the 2-hour mark on this topic […]; so warning you as agreed.

Keep going :)

#10 Updated by intrigeri over 1 year ago

  • Status changed from Confirmed to In Progress
  • Assignee changed from CyrilBrulebois to intrigeri
  • % Done changed from 0 to 50
  • QA Check set to Ready for QA

#11 Updated by intrigeri over 1 year ago

  • Status changed from In Progress to 11
  • Assignee deleted (intrigeri)
  • % Done changed from 50 to 100
  • QA Check changed from Ready for QA to Pass

#12 Updated by intrigeri over 1 year ago

  • Status changed from 11 to In Progress

#13 Updated by intrigeri over 1 year ago

  • Status changed from In Progress to 11

#14 Updated by CyrilBrulebois over 1 year ago

  • Status changed from 11 to Resolved

Also available in: Atom PDF