Feature #16771

Upgrade to Thunderbird 68

Added by intrigeri 8 months ago. Updated about 2 months ago.

Status: Resolved
Priority: Elevated
Assignee:
Category: -
Target version:
Start date:
Due date:
% Done: 100%
Feature Branch: feature/17219-replace-torbirdy
Type of work: Code
Blueprint:
Starter:
Affected tool: Email Client

Description

At some point, the only way for us to get Thunderbird security updates will be to upgrade to 68.


Subtasks

Feature #17267: Fix non-en-US dictionaries not available in Thunderbird 68 (Resolved)

Feature #17269: Update test suite for Thunderbird 68 (Resolved)


Related issues

Related to Tails - Feature #6156: Upstream secure Thunderbird autoconfig wizard In Progress 05/19/2016
Related to Tails - Feature #17149: Figure out what to do with Torbirdy vs. Thunderbird 78 ESR Rejected
Related to Tails - Bug #17252: All branches FTBFS since Thunderbird 68 was uploaded to buster-security Resolved
Related to Tails - Bug #17272: Error dialog when setting up a POP3 account in Thunderbird 68 Confirmed
Blocks Tails - Feature #16209: Core work: Foundations Team Confirmed
Blocked by Tails - Feature #17219: Replace TorBirdy Resolved

Associated revisions

Revision 8134f512 (diff)
Added by segfault 4 months ago

Install Thunderbird 68 (refs: #16771)

Revision 843ab366 (diff)
Added by segfault 4 months ago

Drop obsolete Thunderbird patches (refs: #16771)

These patches were merged upstream:

https://bugzilla.mozilla.org/show_bug.cgi?id=971347

Revision 16a6b3c8 (diff)
Added by segfault 4 months ago

Refresh Thunderbird patch (refs: #16771)

Dropped the first hunk because "resource://gre/modules/Services.jsm" is
already imported in line 20.

Revision 360244e7 (diff)
Added by segfault 4 months ago

Refresh Thunderbird patch for Thunderbird 68 (refs: #16771)

This updates Prefer-fetched-configurations-using-SSL-over-plainte.patch
to apply cleanly on Thunderbird 68.

Revision e4a9dfa3 (diff)
Added by segfault 4 months ago

Refresh Thunderbird patch for Thunderbird 68 (refs: #16771)

This updates Add-pref-for-whether-to-accept-plaintext-protocols-d.patch
to apply cleanly on Thunderbird 68.

Drop the first hunk, which was merged into upstream, but with
"ssl_only_mail_servers" renamed to "sslOnly".

Rename "ssl_only_mail_servers" to "sslOnly" in the other hunks.

Revision 77ef46f9 (diff)
Added by segfault 4 months ago

Refresh Thunderbird patch for Thunderbird 68 (refs: #16771)

This updates Make-use-of-non-SSL-Exchange-AutoDiscover-methods-op.patch
to apply cleanly on Thunderbird 68.

It seems like the "ssl_only_config_servers" pref is now named "sslOnly"
(see e4a9dfa3cb84d7f1afc43ab617c4a289ccd06d7c) so this commit renames that
pref in the patch.

Also, drop the hunk that patches the pref's comment. The comment in upstream is
different and I don't think it's worth our time to maintain the patch of the
comment (except if we plan to upstream it - do we?).

Revision 52ee153d (diff)
Added by segfault 4 months ago

Adjust Thunderbird AppArmor profile for Thunderbird 68 (refs: #16771)

Thunderbird 68 also accesses /dev/shm/org.mozilla.ipc.* for IPC.

Revision 4f648115 (diff)
Added by segfault 4 months ago

Install Thunderbird 68 from experimental (refs: #16771)

For testing Thunderbird 68 in Tails. This commit should be reverted once
Thunderbird 68 is available in Buster or Sid.

Revision 024e682b (diff)
Added by segfault 4 months ago

Drop obsolete Thunderbird patches (refs: #16771)

These patches were merged upstream:

https://bugzilla.mozilla.org/show_bug.cgi?id=971347

Revision e803004a (diff)
Added by segfault 4 months ago

Refresh Thunderbird patch (refs: #16771)

Dropped the first hunk because "resource://gre/modules/Services.jsm" is
already imported in line 20.

Revision fd23d85d (diff)
Added by segfault 4 months ago

Refresh Thunderbird patch for Thunderbird 68 (refs: #16771)

This updates Prefer-fetched-configurations-using-SSL-over-plainte.patch
to apply cleanly on Thunderbird 68.

Revision fd7df8a6 (diff)
Added by segfault 4 months ago

Refresh Thunderbird patch for Thunderbird 68 (refs: #16771)

This updates Add-pref-for-whether-to-accept-plaintext-protocols-d.patch
to apply cleanly on Thunderbird 68.

Drop the first hunk, which was merged into upstream, but with
"ssl_only_mail_servers" renamed to "sslOnly".

Rename "ssl_only_mail_servers" to "sslOnly" in the other hunks.

Revision 94334b74 (diff)
Added by segfault 4 months ago

Refresh Thunderbird patch for Thunderbird 68 (refs: #16771)

This updates Make-use-of-non-SSL-Exchange-AutoDiscover-methods-op.patch
to apply cleanly on Thunderbird 68.

It seems like the "ssl_only_config_servers" pref is now named "sslOnly"
(see fd7df8a66cc10cc546bf7543c4905784125e34d4) so this commit renames that
pref in the patch.

Also, drop the hunk that patches the pref's comment. The comment in upstream is
different and I don't think it's worth our time to maintain the patch of the
comment (except if we plan to upstream it - do we?).

Revision 967081fc (diff)
Added by segfault 4 months ago

Adjust Thunderbird AppArmor profile for Thunderbird 68 (refs: #16771)

Thunderbird 68 also accesses /dev/shm/org.mozilla.ipc.* for IPC.

Revision 66c3fd99 (diff)
Added by segfault 2 months ago

Adjust Thunderbird AppArmor profile for Thunderbird 68 (refs: #16771)

Thunderbird 68 also accesses /dev/shm/org.mozilla.ipc.* for IPC.

Revision 829ff3ec (diff)
Added by segfault 2 months ago

Install Thunderbird 68 from experimental (refs: #16771)

For testing Thunderbird 68 in Tails. This commit should be reverted once
Thunderbird 68 is available in Buster or Sid.

Revision b20aff52 (diff)
Added by segfault 2 months ago

Drop obsolete Thunderbird patches (refs: #16771)

These patches were merged upstream:

https://bugzilla.mozilla.org/show_bug.cgi?id=971347

Revision 5dfb952a (diff)
Added by segfault about 2 months ago

Refresh Thunderbird patch for Thunderbird 68 (refs: #16771)

This updates Add-pref-for-whether-we-accept-OAuth2-during-autocon.patch
to apply cleanly on Thunderbird 68.

Dropped the first hunk because "resource://gre/modules/Services.jsm" is
already imported in line 20.

Revision ee634997 (diff)
Added by segfault about 2 months ago

Refresh Thunderbird patch for Thunderbird 68 (refs: #16771)

This updates Prefer-fetched-configurations-using-SSL-over-plainte.patch
to apply cleanly on Thunderbird 68.

Revision 56af8bd1 (diff)
Added by segfault about 2 months ago

Refresh Thunderbird patch for Thunderbird 68 (refs: #16771)

This updates Add-pref-for-whether-to-accept-plaintext-protocols-d.patch
to apply cleanly on Thunderbird 68.

Drop the first hunk, which was merged into upstream, but with
"ssl_only_mail_servers" renamed to "sslOnly".

Rename "ssl_only_mail_servers" to "sslOnly" in the other hunks.

Revision b081530b (diff)
Added by segfault about 2 months ago

Refresh Thunderbird patch for Thunderbird 68 (refs: #16771)

This updates Make-use-of-non-SSL-Exchange-AutoDiscover-methods-op.patch
to apply cleanly on Thunderbird 68.

It seems like the "ssl_only_config_servers" pref is now named "sslOnly"
(see fd7df8a66cc10cc546bf7543c4905784125e34d4) so this commit renames that
pref in the patch.

Also, drop the hunk that patches the pref's comment. The comment in upstream is
different and I don't think it's worth our time to maintain the patch of the
comment (except if we plan to upstream it - do we?).

Revision 0e22b849 (diff)
Added by segfault about 2 months ago

Adjust Thunderbird AppArmor profile for Thunderbird 68 (refs: #16771)

Thunderbird 68 also accesses /dev/shm/org.mozilla.ipc.* for IPC.

Revision 70a1b58e (diff)
Added by segfault about 2 months ago

Install Thunderbird 68 + dependencies from sid (refs: #16771)

Thunderbird migrated from experimental to sid. It depends on some
package versions not available in Buster, so we install those from sid
too.

Revision c155f086 (diff)
Added by segfault about 2 months ago

Install Thunderbird 68 from Buster security (refs: #16771)

Thunderbird 68 is now available in Buster security.

Revision d595c453 (diff)
Added by segfault about 2 months ago

Install Enigmail from sid (refs: #16771)

The Enigmail version currently available in Buster is not compatible
with Thunderbird 68.

Revision 58fbca95 (diff)
Added by segfault about 2 months ago

Refresh Thunderbird apparmor profile (refs: #16771)

Revision 3fbbe273 (diff)
Added by segfault about 2 months ago

Drop obsolete Thunderbird patches (refs: #16771)

These patches were merged upstream:

https://bugzilla.mozilla.org/show_bug.cgi?id=971347

Revision 791594fa (diff)
Added by segfault about 2 months ago

Refresh Thunderbird patch for Thunderbird 68 (refs: #16771)

This updates Add-pref-for-whether-we-accept-OAuth2-during-autocon.patch
to apply cleanly on Thunderbird 68.

Dropped the first hunk because "resource://gre/modules/Services.jsm" is
already imported in line 20.

Revision c406a375 (diff)
Added by segfault about 2 months ago

Refresh Thunderbird patch for Thunderbird 68 (refs: #16771)

This updates Prefer-fetched-configurations-using-SSL-over-plainte.patch
to apply cleanly on Thunderbird 68.

Revision 00075dce (diff)
Added by segfault about 2 months ago

Refresh Thunderbird patch for Thunderbird 68 (refs: #16771)

This updates Add-pref-for-whether-to-accept-plaintext-protocols-d.patch
to apply cleanly on Thunderbird 68.

Drop the first hunk, which was merged into upstream, but with
"ssl_only_mail_servers" renamed to "sslOnly".

Rename "ssl_only_mail_servers" to "sslOnly" in the other hunks.

Revision 3231e394 (diff)
Added by segfault about 2 months ago

Refresh Thunderbird patch for Thunderbird 68 (refs: #16771)

This updates Make-use-of-non-SSL-Exchange-AutoDiscover-methods-op.patch
to apply cleanly on Thunderbird 68.

It seems like the "ssl_only_config_servers" pref is now named "sslOnly"
(see fd7df8a66cc10cc546bf7543c4905784125e34d4) so this commit renames that
pref in the patch.

Also, drop the hunk that patches the pref's comment. The comment in upstream is
different and I don't think it's worth our time to maintain the patch of the
comment (except if we plan to upstream it - do we?).

Revision 79978ff8 (diff)
Added by segfault about 2 months ago

Adjust Thunderbird AppArmor profile for Thunderbird 68 (refs: #16771)

Thunderbird 68 also accesses /dev/shm/org.mozilla.ipc.* for IPC.
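
The AppArmor adjustment above is the kind of change usually derived from audit denials after an upgrade. The following is an added example, not code from the Tails commits: it triages denials for one profile, turning the expected `/dev/shm/org.mozilla.ipc.*` accesses into a candidate rule and listing everything else for investigation. The profile name, pids and paths in the sample log are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample audit lines; profile name, pids and paths are assumptions.
SAMPLE_LOG = """\
audit: type=1400 audit(1573000001.101:51): apparmor="DENIED" operation="mknod" profile="thunderbird" name="/dev/shm/org.mozilla.ipc.2311.4" pid=2311 comm="thunderbird" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
audit: type=1400 audit(1573000001.102:52): apparmor="DENIED" operation="open" profile="thunderbird" name="/dev/shm/org.mozilla.ipc.2311.5" pid=2311 comm="thunderbird" requested_mask="rw" denied_mask="rw" fsuid=1000 ouid=1000
audit: type=1400 audit(1573000002.000:53): apparmor="DENIED" operation="open" profile="thunderbird" name="/home/user/.ssh/id_rsa" pid=2311 comm="thunderbird" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
audit: type=1400 audit(1573000003.000:54): apparmor="DENIED" operation="open" profile="other-app" name="/dev/shm/org.mozilla.ipc.9.9" pid=400 comm="other" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
audit: type=1400 audit(1573000004.000:55): apparmor="ALLOWED" operation="open" profile="thunderbird" name="/etc/hosts" pid=2311 comm="thunderbird" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
"""

FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Audit masks "c" (create) and "d" (delete) are covered by "w" in profile rules.
MASK_TO_PERM = {"r": "r", "w": "w", "a": "a", "c": "w", "d": "w",
                "l": "l", "k": "k", "m": "m"}
PERM_ORDER = "rwalkm"


def parse_fields(line):
    """Return the key=value fields of one audit line as a dict."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in FIELD_RE.finditer(line)}


def generalize(path):
    """Collapse trailing numeric suffixes (pid, counter) into a single glob."""
    return re.sub(r"(\.\d+)+$", ".*", path)


def triage(log, profile, expected_prefixes=("/dev/shm/org.mozilla.ipc.",)):
    """Split a profile's denials into candidate rules and paths to investigate."""
    perms = defaultdict(set)
    owner_only = defaultdict(lambda: True)
    unexpected = set()
    for line in log.splitlines():
        f = parse_fields(line)
        if f.get("apparmor") != "DENIED" or f.get("profile") != profile:
            continue
        path = f.get("name")
        if path is None:
            continue
        if not path.startswith(tuple(expected_prefixes)):
            # A denial outside the expected change is the profile doing its job.
            unexpected.add(path)
            continue
        glob = generalize(path)
        perms[glob].update(MASK_TO_PERM.get(c, "") for c in f.get("denied_mask", ""))
        owner_only[glob] = owner_only[glob] and f.get("fsuid") == f.get("ouid")
    rules = []
    for glob in sorted(perms):
        mode = "".join(p for p in PERM_ORDER if p in perms[glob])
        prefix = "owner " if owner_only[glob] else ""
        rules.append(f"{prefix}{glob} {mode},")
    return rules, sorted(unexpected)


if __name__ == "__main__":
    rules, unexpected = triage(SAMPLE_LOG, "thunderbird")
    print("candidate rules:", *rules, sep="\n  ")
    print("investigate:", *unexpected, sep="\n  ")
```

Denials that fall outside the expected prefixes are reported rather than converted into rules, so a profile refresh does not silently widen access.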

Revision a1e8172c (diff)
Added by segfault about 2 months ago

Install Thunderbird 68 from Buster security (refs: #16771)

Thunderbird 68 is now available in Buster security.

Revision af98e618 (diff)
Added by segfault about 2 months ago

Install Enigmail from sid (refs: #16771)

The Enigmail version currently available in Buster is not compatible
with Thunderbird 68.

Revision 6c9de0ba (diff)
Added by segfault about 2 months ago

Refresh Thunderbird apparmor profile (refs: #16771)

Revision 3f6b3e28 (diff)
Added by intrigeri about 2 months ago

Clean up transitional state (refs: #16771)

Let's not ship both a config snippet that re-adds Thunderbird 60
(which has disappeared from the other APT sources used here)
and another one that ensures we install Thunderbird 68.

Revision 0566449b
Added by segfault about 2 months ago

Merge branch 'feature/17219-replace-torbirdy' into stable (Closes: #16771, #17219)

History

#1 Updated by intrigeri 8 months ago

#2 Updated by intrigeri 8 months ago

Exact timing is unclear at the moment but upstream is working on getting v68 ready. I'll set target version once I understand the expected timeline better.

#3 Updated by intrigeri 8 months ago

  • Related to Feature #6156: Upstream secure Thunderbird autoconfig wizard added

#4 Updated by intrigeri 8 months ago

When we do this upgrade, we should probably:

  • ship Thunderbird straight from Debian (i.e. stop building+uploading our own package)
  • apply our remaining account wizard patch (OAuth2) to the relevant files in omni.ja via a config/chroot_local-hooks/
  • update our doc under contribute/ accordingly

This would address most of what's left of the problem (having to build+upload our own Thunderbird packages regularly) that made us put #6156 on the roadmap this year. I'm saying "most" because until #6156 is done and that OAuth2-related patch is upstreamed, maintaining this delta may have a non-negligible cost.

#5 Updated by intrigeri 8 months ago

The beta is scheduled for early June. Draft release notes: https://www-stage.thunderbird.net/en-US/thunderbird/68.0beta/releasenotes/.

#6 Updated by intrigeri 5 months ago

  • Target version set to Tails_3.17

68.0 was released upstream. There will be one last release in the 60.x series (60.9) next week, which we'll miss for Tails 3.16. I expect 68.x will be our only option for Tails 3.17 / 4.0.

#7 Updated by intrigeri 5 months ago

intrigeri wrote:

When we do this upgrade, we should probably:

FTR, I've done this already and this change made it into Tails 3.15.

#8 Updated by intrigeri 4 months ago

  • Target version changed from Tails_3.17 to Tails_4.0

#9 Updated by segfault 4 months ago

  • Assignee set to segfault
  • Feature Branch set to feature/16771-thunderbird-68

I started refreshing the patches but am not finished yet and didn't push that work yet.

#10 Updated by segfault 4 months ago

  • Status changed from Confirmed to In Progress

#11 Updated by segfault 4 months ago

  • Feature Branch changed from feature/16771-thunderbird-68 to git push --set-upstream origin feature/16771-thunderbird-68+force-all-tests

#12 Updated by intrigeri 4 months ago

  • Feature Branch changed from git push --set-upstream origin feature/16771-thunderbird-68+force-all-tests to feature/16771-thunderbird-68+force-all-tests

#13 Updated by segfault 4 months ago

There is currently no Torbirdy version compatible with Thunderbird 68. I couldn't find any information about a plan to support Thunderbird 68.

There is an Enigmail version compatible with Thunderbird 68, but it's currently not in Debian.

#14 Updated by segfault 4 months ago

Copying extensions to /usr/lib/thunderbird/extensions/ doesn't seem to be enough to enable them in Thunderbird 68. I tried copying the {847b3a00-7ab1-11d4-8f02-006008948af5}.xpi installed to ~/.thunderbird/profile.default/extensions/ when installing the add-on via Thunderbird, then deleting the profile.default and starting Thunderbird again. The extension is not installed and not present in ~/.thunderbird/profile.default/extensions/.

#15 Updated by segfault 4 months ago

segfault wrote:

Copying extensions to /usr/lib/thunderbird/extensions/ doesn't seem to be enough to enable them in Thunderbird 68. I tried copying the {847b3a00-7ab1-11d4-8f02-006008948af5}.xpi installed to ~/.thunderbird/profile.default/extensions/ when installing the add-on via Thunderbird, then deleting the profile.default and starting Thunderbird again. The extension is not installed and not present in ~/.thunderbird/profile.default/extensions/.

Never mind, I got it to work now.

#16 Updated by segfault 4 months ago

It seems like the latest torbirdy version is indeed incompatible with Thunderbird 68. At least I wasn't able to install it even when I changed the maxVersion in install.rdf from "60.*" to "68.*".

I don't know what else there is to do here, except to wait for Debian packages for enigmail and torbirdy which are compatible with Thunderbird 68.

#17 Updated by intrigeri 4 months ago

It seems like the latest torbirdy version is indeed incompatible with Thunderbird 68. At least I wasn't able to install it even when I changed the maxVersion in install.rdf from "60.*" to "68.*".

Yeah, we saw this coming and we're in the exact situation I was hoping to avoid :/

Back in March, @u started a private conversation about this with Torbirdy upstream (thread: "Fwd: Torbirdy's future"). I've not heard about it since April and AFAICT, upstream did not even create a ticket to track this upcoming issue. u, maybe you have some updates to share? (/me crosses fingers :)

This got reported twice upstream by users in the last two months:

No reply from the upstream maintainer so far.

This has not been reported to Debian yet but I expect users will start noticing as soon as Thunderbird 68 is uploaded to sid.

I don't know what else there is to do here, except to wait for Debian packages for […] torbirdy which are compatible with Thunderbird 68.

Given the historical info I provided above, I don't think it's realistic for us to keep shipping Thunderbird 60 until Torbirdy is ported. Thunderbird 68 was released 1 month ago, and upstream seems MIA, so it's unclear to me whether it will ever be ported. For Tails 4.0 we can probably just ship 60.9.0, but that won't fly forever.

Now, IIRC Torbirdy does mostly one thing: setting a bunch of prefs. It would be sad to lose this central place for sharing privacy/Tor/anonymity related prefs, but as far as Tails users are concerned, we could "just" (sic!) set those prefs ourselves in tails.git. That's certainly better than shipping an outdated Thunderbird with known security issues for months or years.

If, for some reason, this does not work for some critical prefs, we could try porting Torbirdy ourselves, trimming it down from its UI and whatever is not strictly necessary for us: hopefully what's left will be compatible with Thunderbird 68. But first, we would need to understand what exactly it is, that Torbirdy is using, and that's deprecated in Thunderbird 68. If the work to do is porting to WebExt or something like this, it may be a huge task, and we'll need to consider how critical the missing bits are.

There is an Enigmail version compatible with Thunderbird 68, but it's currently not in Debian.

Yep, and the Thunderbird maintainer reached out to the Enigmail one about it: https://alioth-lists.debian.net/pipermail/pkg-apparmor-team/2019-September/003143.html.
I hope dkg has time to import & upload the new Enigmail upstream release in the next few weeks.
Worst case, we may have to do it ourselves.

BTW, Carsten's email has some more info that's relevant for us.

Cheers!

#18 Updated by u 4 months ago

I've pinged upstream again, but to no avail. So no, I have no magic news about the issue :/ I've recently forwarded the email to segfault with more details.

#19 Updated by intrigeri 4 months ago

I've pinged upstream again, but to no avail. So no, I have no magic news about the issue :/ I've recently forwarded the email to segfault with more details.

Thanks for the quick reply!

#20 Updated by segfault 4 months ago

  • Target version changed from Tails_4.0 to Tails_4.1

We decided to postpone this to 4.1 and ship Thunderbird 60.9 in 4.0.

#21 Updated by u 3 months ago

FTR, the upstream author promised to send us an assessment of the situation and the work to do by the end of this week.

#22 Updated by intrigeri 3 months ago

  • Related to Feature #17149: Figure out what to do with Torbirdy vs. Thunderbird 78 ESR added

#23 Updated by intrigeri 3 months ago

u wrote:

FTR, the upstream author promised to send us an assessment of the situation and the work to do by the end of this week.

@u, amazing, thanks!

I've optimistically filed #17149 to track the next iteration of this problem, which will probably be even harder wrt. Thunderbird 78, even if we find a way to make Torbirdy work on Thunderbird 68. My goal here is to ensure this is on our radar early enough, to avoid any bad surprise next summer/fall.

#24 Updated by u 3 months ago

@intrigeri: sounds good. The upstream author has made an assessment of the work to be done. I proposed to help him with testing, and asked what else needs we could help with.

#25 Updated by u 3 months ago

We should probably meet with the upstream author to talk about our needs and outline a plan to save the world of email over Tor. See email sent to @hefee, @intrigeri @segfault some minutes ago.

#27 Updated by segfault 2 months ago

#28 Updated by intrigeri 2 months ago

  • Priority changed from Normal to Elevated

Rationale: Thunderbird 60.x is EOL and won't get further security updates.

But as I just wrote on #17219: if we lack the resources to complete this in time for 4.1 without burning people out, IMO so be it.

#29 Updated by segfault 2 months ago

Thunderbird 68 from sid now depends on some package versions not available in Buster. The affected packages are: enigmail libc-bin libc-l10n libc6 libfreetype6 libnss3 libstdc++6 locales-all. So we would have to install those from sid as well.

#30 Updated by intrigeri 2 months ago

Thunderbird 68 from sid now depends on some package versions not available in Buster.

Indeed. Since then, 1:68.2.2-1~deb10u1 was uploaded to buster-security (DSA 4571-1) so this should not be a problem anymore :)

#31 Updated by segfault 2 months ago

intrigeri wrote:

Thunderbird 68 from sid now depends on some package versions not available in Buster.

Indeed. Since then, 1:68.2.2-1~deb10u1 was uploaded to buster-security (DSA 4571-1) so this should not be a problem anymore :)

Right, just saw that too :)

#32 Updated by intrigeri about 2 months ago

  • Related to Bug #17252: All branches FTBFS since Thunderbird 68 was uploaded to buster-security added

#33 Updated by intrigeri about 2 months ago

Note that feature/16771-thunderbird-68+force-all-tests and feature/17219-replace-torbirdy have diverged (I guess because the latter had its history rewritten). The former has nothing that's not in the latter, right? If so, I propose we KISS and use one single branch for this ticket and #17219. I don't particularly care about how we call it, but given recent work has happened on the #17219 branch, I'll base my Thunderbird 68 work on it too.

#34 Updated by intrigeri about 2 months ago

  • Related to Bug #17272: Error dialog when setting up a POP3 account in Thunderbird 68 added

#35 Updated by intrigeri about 2 months ago

  • Feature Branch changed from feature/16771-thunderbird-68+force-all-tests to feature/17219-replace-torbirdy

#36 Updated by intrigeri about 2 months ago

  • Status changed from In Progress to Needs Validation

I've reviewed the whole branch and I'm go for it! Great job \o/

This led me to add a cleanup: 3f6b3e28039aeebe3cd5174ab836c6afc8b71ecf.

Reassigning because the last blocker for the merge (#17269) is a review currently assigned to segfault.

#37 Updated by segfault about 2 months ago

  • Status changed from Needs Validation to Resolved
