authorintrigeri <intrigeri@boum.org>2020-02-16 09:08:06 +0000
committerintrigeri <intrigeri@boum.org>2020-02-16 09:34:52 +0000
commitb2f25ff12716472a70f1648f4529304daa9d4a82 (patch)
tree5333a380b0a0f96a0ba7ab1f75aa8c9e5d6a1266
parentc70560a918ca3776f50ae3eefb90ba083cfe60b3 (diff)
Refresh Tails' secure autoconfiguration patches.tails/buster
Based on current (but outdated) Tails patches taken from commit af9bd327b65a7457e5ccc9ad2d0b8f623faacbc9 in tails.git stable branch.
-rw-r--r--debian/patches/secure-account-creation/Add-SOCKS-proxy-support-for-account-guessing.patch86
-rw-r--r--debian/patches/secure-account-creation/Add-comment-for-pref.patch24
-rw-r--r--debian/patches/secure-account-creation/Add-pref-for-setting-the-autoconfiguration-guess-tim.patch52
-rw-r--r--debian/patches/secure-account-creation/Add-pref-for-whether-to-accept-plaintext-protocols-d.patch65
-rw-r--r--debian/patches/secure-account-creation/Add-pref-for-whether-we-accept-OAuth2-during-autocon.patch124
-rw-r--r--debian/patches/secure-account-creation/Also-fetch-ISP-configuration-using-SSL.patch106
-rw-r--r--debian/patches/secure-account-creation/Avoid-local-timestamp-disclosure-in-Date-header.patch101
-rw-r--r--debian/patches/secure-account-creation/Avoid-spellchecking-language-disclosure-in-Content-Language-header.patch27
-rw-r--r--debian/patches/secure-account-creation/Improve-logging-of-guess-instances.patch100
-rw-r--r--debian/patches/secure-account-creation/Invalidate-config-when-restarting-autoconfiguration.patch28
-rw-r--r--debian/patches/secure-account-creation/Make-use-of-non-SSL-Exchange-AutoDiscover-methods-op.patch42
-rw-r--r--debian/patches/secure-account-creation/Prefer-fetched-configurations-using-SSL-over-plainte.patch37
-rw-r--r--debian/patches/series8
13 files changed, 257 insertions, 543 deletions
diff --git a/debian/patches/secure-account-creation/Add-SOCKS-proxy-support-for-account-guessing.patch b/debian/patches/secure-account-creation/Add-SOCKS-proxy-support-for-account-guessing.patch
deleted file mode 100644
index 294770b..0000000
--- a/debian/patches/secure-account-creation/Add-SOCKS-proxy-support-for-account-guessing.patch
+++ /dev/null
@@ -1,86 +0,0 @@
-From bb7b4741004c367132869b56dbd62a829ac67167 Mon Sep 17 00:00:00 2001
-From: anonym <anonym@riseup.net>
-Date: Wed, 27 Feb 2019 09:54:59 +0100
-Subject: [PATCH] Add SOCKS proxy support for account guessing.
-
-Any configured SOCKS proxy will be used while probing servers, but
-HTTP(s) proxies etc will be ignored since they are not
-applicable. This solves Mozilla bug #669238:
-
- https://bugzilla.mozilla.org/show_bug.cgi?id=669238
-
-Refreshed-by: Cyril Brulebois <ckb@riseup.net>
-
-Backported from TB 66 to TB 65, dropping reindentation to have a
-higher chance of applying this patch successfully against further
-65.x releases.
-
---- a/comm/mail/components/accountcreation/content/guessConfig.js
-+++ b/comm/mail/components/accountcreation/content/guessConfig.js
-@@ -467,9 +467,18 @@ HostDetector.prototype =
- if (i == 0) // showing 50 servers at once is pointless
- this.mProgressCallback(thisTry);
-
-+ // This implements the nsIProtocolProxyCallback interface:
-+ function ProxyResolveCallback() { }
-+ ProxyResolveCallback.prototype = {
-+ onProxyAvailable : function(req, uri, proxyInfo, status) {
-+ // Anything but a SOCKS proxy will be unusable for the probes.
-+ if (proxyInfo != null && proxyInfo.type != "socks" &&
-+ proxyInfo.type != "socks4") {
-+ proxyInfo = null;
-+ }
- thisTry.abortable = SocketUtil(
- thisTry.hostname, thisTry.port, thisTry.ssl,
-- thisTry.commands, TIMEOUT,
-+ thisTry.commands, TIMEOUT, proxyInfo,
- new SSLErrorHandler(thisTry, this._log),
- function(wiredata) // result callback
- {
-@@ -487,6 +496,21 @@ HostDetector.prototype =
- thisTry.status = kFailed;
- me._checkFinished();
- });
-+ }
-+ };
-+
-+ var proxyService = Cc["@mozilla.org/network/protocol-proxy-service;1"]
-+ .getService(Ci.nsIProtocolProxyService);
-+ // Use some arbitrary scheme just because it is required...
-+ var uri = Services.io.newURI("http://" + thisTry.hostname, null, null);
-+ // ... we'll ignore it any way. We prefer SOCKS since that's the
-+ // only thing we can use for email protocols.
-+ var proxyFlags = Ci.nsIProtocolProxyService.RESOLVE_IGNORE_URI_SCHEME |
-+ Ci.nsIProtocolProxyService.RESOLVE_PREFER_SOCKS_PROXY;
-+ if (Services.prefs.getBoolPref("network.proxy.socks_remote_dns")) {
-+ proxyFlags |= Ci.nsIProtocolProxyService.RESOLVE_ALWAYS_TUNNEL;
-+ }
-+ proxyService.asyncResolve(uri, proxyFlags, new ProxyResolveCallback());
- thisTry.status = kOngoing;
- }
- },
-@@ -1019,13 +1043,14 @@ SSLErrorHandler.prototype =
- * @param commands {Array of String}: protocol commands
- * to send to the server.
- * @param timeout {Integer} seconds to wait for a server response, then cancel.
-+ * @param proxy {nsIProxyInfo} The proxy to use (or null to not use any).
- * @param sslErrorHandler {SSLErrorHandler}
- * @param resultCallback {function(wiredata)} This function will
- * be called with the result string array from the server
- * or null if no communication occurred.
- * @param errorCallback {function(e)}
- */
--function SocketUtil(hostname, port, ssl, commands, timeout,
-+function SocketUtil(hostname, port, ssl, commands, timeout, proxy,
- sslErrorHandler, resultCallback, errorCallback)
- {
- assert(commands && commands.length, "need commands");
-@@ -1064,7 +1089,7 @@ function SocketUtil(hostname, port, ssl,
- var socketTypeName = ssl == SSL ? "ssl" : (ssl == TLS ? "starttls" : null);
- var transport = transportService.createTransport([socketTypeName],
- ssl == NONE ? 0 : 1,
-- hostname, port, null);
-+ hostname, port, proxy);
-
- transport.setTimeout(Ci.nsISocketTransport.TIMEOUT_CONNECT, timeout);
- transport.setTimeout(Ci.nsISocketTransport.TIMEOUT_READ_WRITE, timeout);
diff --git a/debian/patches/secure-account-creation/Add-comment-for-pref.patch b/debian/patches/secure-account-creation/Add-comment-for-pref.patch
deleted file mode 100644
index 63eeb1e..0000000
--- a/debian/patches/secure-account-creation/Add-comment-for-pref.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-From b0ca355e118dd7d4bf147550fbce8ddd23140c8e Mon Sep 17 00:00:00 2001
-From: anonym <anonym@riseup.net>
-Date: Wed, 27 Feb 2019 09:44:54 +0100
-Subject: [PATCH] Add comment for pref.
-
-All other prefs in this section have comments, so not commenting this
-one may even be confusing ("does the comment for
-fetchFromExchange.enable also apply to guess.enabled?").
----
- comm/mailnews/mailnews.js | 3 +++
- 1 file changed, 3 insertions(+)
-
---- a/comm/mailnews/mailnews.js
-+++ b/comm/mailnews/mailnews.js
-@@ -908,6 +908,9 @@ pref("mailnews.auto_config.fetchFromISP.
- // This also sends the email address and password to the server,
- // which the protocol unfortunately requires in practice.
- pref("mailnews.auto_config.fetchFromExchange.enabled", true);
-+// Whether we will attempt to guess the account configuration based on
-+// protocol default ports and common domain practices
-+// (e.g. {mail,pop,imap,smtp}.<email-domain>).
- pref("mailnews.auto_config.guess.enabled", true);
- // Work around bug 1454325 by disabling mimetype mungling in XmlHttpRequest
- pref("dom.xhr.standard_content_type_normalization", false);
diff --git a/debian/patches/secure-account-creation/Add-pref-for-setting-the-autoconfiguration-guess-tim.patch b/debian/patches/secure-account-creation/Add-pref-for-setting-the-autoconfiguration-guess-tim.patch
deleted file mode 100644
index 1d3c876..0000000
--- a/debian/patches/secure-account-creation/Add-pref-for-setting-the-autoconfiguration-guess-tim.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From c143a7e31885968afa1488f0a103676a84fa183f Mon Sep 17 00:00:00 2001
-From: anonym <anonym@riseup.net>
-Date: Wed, 27 Feb 2019 10:44:24 +0100
-Subject: [PATCH] Add pref for setting the autoconfiguration guess timeout.
-
-The static 10 seconds is not enough for Tor users (delay spikes of 10
-seconds is not uncommon), so let's make it possible for the TorBirdy
-extension to override this timeout.
----
- comm/mail/components/accountcreation/content/guessConfig.js | 5 ++---
- comm/mailnews/mailnews.js | 2 ++
- 2 files changed, 4 insertions(+), 3 deletions(-)
-
---- a/comm/mail/components/accountcreation/content/guessConfig.js
-+++ b/comm/mail/components/accountcreation/content/guessConfig.js
-@@ -6,8 +6,6 @@
- ChromeUtils.import("resource:///modules/gloda/log4moz.js");
- ChromeUtils.import("resource://gre/modules/Services.jsm");
-
--var TIMEOUT = 10; // in seconds
--
- // This is a bit ugly - we set outgoingDone to false
- // when emailWizard.js cancels the outgoing probe because the user picked
- // an outoing server. It does this by poking the probeAbortable object,
-@@ -456,6 +454,7 @@ HostDetector.prototype =
- if (this._cancel)
- return;
- var me = this;
-+ var timeout = Services.prefs.getIntPref("mailnews.auto_config.guess.timeout");
- for (let i = 0; i < this._hostsToTry.length; i++)
- {
- let thisTry = this._hostsToTry[i]; // {HostTry}
-@@ -478,7 +477,7 @@ HostDetector.prototype =
- }
- thisTry.abortable = SocketUtil(
- thisTry.hostname, thisTry.port, thisTry.ssl,
-- thisTry.commands, TIMEOUT, proxyInfo,
-+ thisTry.commands, timeout, proxyInfo,
- new SSLErrorHandler(thisTry, this._log),
- function(wiredata) // result callback
- {
---- a/comm/mailnews/mailnews.js
-+++ b/comm/mailnews/mailnews.js
-@@ -918,6 +918,8 @@ pref("mailnews.auto_config.ssl_only_conf
- // protocol default ports and common domain practices
- // (e.g. {mail,pop,imap,smtp}.<email-domain>).
- pref("mailnews.auto_config.guess.enabled", true);
-+// The timeout (in seconds) for each guess
-+pref("mailnews.auto_config.guess.timeout", 10);
- // Whether we allow fetched configurations using OAuth2.
- pref("mailnews.auto_config.account_constraints.allow_oauth2", true);
- // Work around bug 1454325 by disabling mimetype mungling in XmlHttpRequest
diff --git a/debian/patches/secure-account-creation/Add-pref-for-whether-to-accept-plaintext-protocols-d.patch b/debian/patches/secure-account-creation/Add-pref-for-whether-to-accept-plaintext-protocols-d.patch
index 2d56f80..cf6431e 100644
--- a/debian/patches/secure-account-creation/Add-pref-for-whether-to-accept-plaintext-protocols-d.patch
+++ b/debian/patches/secure-account-creation/Add-pref-for-whether-to-accept-plaintext-protocols-d.patch
@@ -1,69 +1,54 @@
-From 619c17e0dc3d1cbfdf3859b18c9e71ec00694f9c Mon Sep 17 00:00:00 2001
-From: anonym <anonym@riseup.net>
-Date: Wed, 27 Feb 2019 10:59:33 +0100
+From: intrigeri <intrigeri@boum.org>
+Date: Sun, 16 Feb 2020 09:29:00 +0000
Subject: [PATCH] Add pref for whether to accept plaintext protocols during
autoconfiguration.
-Let's make it possible for security-focused distributions (and
-extensions like TorBirdy) to prevent insecure configurations to ever
-be displayed to users; for other users there is a warning explaining
-the consequences of accepting a non-SSL configuration.
+Author: anonym <anonym@riseup.net>
+---
+ comm/mail/components/accountcreation/content/readFromXML.js | 10 ++++++++++
+ comm/mailnews/mailnews.js | 6 ++++++
+ 2 files changed, 16 insertions(+)
---- a/comm/mail/components/accountcreation/content/guessConfig.js
-+++ b/comm/mail/components/accountcreation/content/guessConfig.js
-@@ -412,6 +412,7 @@ HostDetector.prototype =
- { "imap" : IMAP, "pop3" : POP, "smtp" : SMTP }, UNKNOWN);
- if (!port)
- port = UNKNOWN;
-+ var ssl_only = Services.prefs.getBoolPref("mailnews.auto_config.ssl_only_mail_servers");
- var ssl = ConvertSocketTypeToSSL(socketType);
- this._cancel = false;
- this._log.info("doing auto detect for protocol " + protocol +
-@@ -435,6 +436,8 @@ HostDetector.prototype =
- for (let j = 0; j < hostEntries.length; j++)
- {
- let hostTry = hostEntries[j]; // from getHostEntry()
-+ if (ssl_only && hostTry.ssl == NONE)
-+ continue;
- hostTry.hostname = hostname;
- hostTry.status = kNotTried;
- hostTry.desc = hostTry.hostname + ":" + hostTry.port +
+diff --git a/comm/mail/components/accountcreation/content/readFromXML.js b/comm/mail/components/accountcreation/content/readFromXML.js
+index 780229f..6a9fef9 100644
--- a/comm/mail/components/accountcreation/content/readFromXML.js
+++ b/comm/mail/components/accountcreation/content/readFromXML.js
-@@ -29,6 +29,8 @@ function readFromXML(clientConfigXML)
+@@ -34,6 +34,8 @@ function readFromXML(clientConfigXML) {
}
var allow_oauth2 =
Services.prefs.getBoolPref("mailnews.auto_config.account_constraints.allow_oauth2");
+ var ssl_only =
-+ Services.prefs.getBoolPref("mailnews.auto_config.ssl_only_mail_servers");
++ Services.prefs.getBoolPref("mailnews.auto_config.sslOnly");
var exception;
- if (typeof(clientConfigXML) != "object" ||
- !("clientConfig" in clientConfigXML) ||
-@@ -92,6 +94,10 @@ function readFromXML(clientConfigXML)
- throw exception ? exception : "need proper <socketType> in XML";
+ if (
+ typeof clientConfigXML != "object" ||
+@@ -115,6 +117,10 @@ function readFromXML(clientConfigXML) {
+ }
exception = null;
+ if (ssl_only && iO.socketType == 1) {
+ continue;
+ }
+
- for (let iXauth of array_or_undef(iX.$authentication))
- {
+ for (let iXauth of array_or_undef(iX.$authentication)) {
try {
-@@ -177,6 +183,10 @@ function readFromXML(clientConfigXML)
- throw exception ? exception : "need proper <socketType> in XML";
+ iO.auth = sanitize.translate(iXauth, {
+@@ -257,6 +263,10 @@ function readFromXML(clientConfigXML) {
+ }
exception = null;
+ if (ssl_only && oO.socketType == 1) {
+ continue;
+ }
+
- for (let oXauth of array_or_undef(oX.$authentication))
- {
+ for (let oXauth of array_or_undef(oX.$authentication)) {
try {
+ oO.auth = sanitize.translate(oXauth, {
+diff --git a/comm/mailnews/mailnews.js b/comm/mailnews/mailnews.js
+index 8f598b2..7dda1ad 100644
--- a/comm/mailnews/mailnews.js
+++ b/comm/mailnews/mailnews.js
-@@ -922,6 +922,12 @@ pref("mailnews.auto_config.guess.enabled
+@@ -969,6 +969,12 @@ pref("mailnews.auto_config.guess.sslOnly", false);
pref("mailnews.auto_config.guess.timeout", 10);
// Whether we allow fetched configurations using OAuth2.
pref("mailnews.auto_config.account_constraints.allow_oauth2", true);
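Review bot: The refreshed patch drops the guessConfig.js section, so `ssl_only` now filters only fetched XML configurations, at the two `socketType == 1` checks in readFromXML(). Server guessing is left to the separate `mailnews.auto_config.guess.sslOnly` pref, which the mailnews.js hunk header shows defaulting to `false`. The rename from `mailnews.auto_config.ssl_only_mail_servers` to `mailnews.auto_config.sslOnly` (here and in the following hunk) also fails open: a profile or distribution that still sets the old name gets the new default `false`, and plaintext configurations are accepted again with no error. The patch header lost its description in the refresh and should state that both prefs must be set to exclude plaintext servers. The literal `1` deserves a comment such as `// 1 = plain (no TLS), per the socketType translation above`, assuming that is the mapping used earlier in readFromXML(), which is outside these hunks.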
@@ -72,7 +57,7 @@ the consequences of accepting a non-SSL configuration.
+// configurations are never presented to the user; with this option
+// unset, users picking an insecure configuration will get a warning
+// and have to opt-in.
-+pref("mailnews.auto_config.ssl_only_mail_servers", false);
++pref("mailnews.auto_config.sslOnly", false);
// Work around bug 1454325 by disabling mimetype mungling in XmlHttpRequest
pref("dom.xhr.standard_content_type_normalization", false);
diff --git a/debian/patches/secure-account-creation/Add-pref-for-whether-we-accept-OAuth2-during-autocon.patch b/debian/patches/secure-account-creation/Add-pref-for-whether-we-accept-OAuth2-during-autocon.patch
index e8c0228..1cf40e7 100644
--- a/debian/patches/secure-account-creation/Add-pref-for-whether-we-accept-OAuth2-during-autocon.patch
+++ b/debian/patches/secure-account-creation/Add-pref-for-whether-we-accept-OAuth2-during-autocon.patch
@@ -1,6 +1,5 @@
-From bd42ea2e3864f97608530d3f79efb8f816f2c71a Mon Sep 17 00:00:00 2001
-From: anonym <anonym@riseup.net>
-Date: Wed, 27 Feb 2019 10:34:33 +0100
+From: intrigeri <intrigeri@boum.org>
+Date: Sun, 16 Feb 2020 09:23:28 +0000
Subject: [PATCH] Add pref for whether we accept OAuth2 during
autoconfiguration.
@@ -9,40 +8,48 @@ disabled autoconfiguration then result in a terrible UX (e.g. the web
login fails, has to manually alter the authentication method). Let's
provide a pref that discards OAuth2 configurations so e.g. extensions
that disables JavaScript (like TorBirdy) can provide a workaround.
+
+Original author: anonym <anonym@riseup.net>
---
- .../accountcreation/content/emailWizard.js | 56 ++++++++++++----------
- .../accountcreation/content/readFromXML.js | 14 ++++++
+ .../accountcreation/content/emailWizard.js | 64 ++++++++++++----------
+ .../accountcreation/content/readFromXML.js | 13 +++++
comm/mailnews/mailnews.js | 2 +
- 3 files changed, 46 insertions(+), 26 deletions(-)
+ 3 files changed, 49 insertions(+), 30 deletions(-)
+diff --git a/comm/mail/components/accountcreation/content/emailWizard.js b/comm/mail/components/accountcreation/content/emailWizard.js
+index 3780792..86bef64 100644
--- a/comm/mail/components/accountcreation/content/emailWizard.js
+++ b/comm/mail/components/accountcreation/content/emailWizard.js
-@@ -1210,19 +1210,21 @@ EmailConfigWizard.prototype =
+@@ -1432,21 +1432,23 @@ EmailConfigWizard.prototype = {
}
this.fillPortDropdown(config.incoming.type);
-- // If the hostname supports OAuth2 and imap is enabled, enable OAuth2.
+- // If the incoming server hostname supports OAuth2, enable OAuth2 for it.
- let iDetails = OAuth2Providers.getHostnameDetails(config.incoming.hostname);
+- e("in-authMethod-oauth2").hidden = !iDetails;
- if (iDetails) {
-- gEmailWizardLogger.info("OAuth2 details for incoming server " +
-- config.incoming.hostname + " is " + iDetails);
-- }
-- e("in-authMethod-oauth2").hidden = !(iDetails && e("incoming_protocol").value == 1);
-- if (!e("in-authMethod-oauth2").hidden) {
+- gEmailWizardLogger.info(
+- "OAuth2 details for incoming server " +
+- config.incoming.hostname +
+- " is " +
+- iDetails
+- );
- config.oauthSettings = {};
- [config.oauthSettings.issuer, config.oauthSettings.scope] = iDetails;
- // oauthsettings are not stored nor changeable in the user interface, so just
- // store them in the base configuration.
- this._currentConfig.oauthSettings = config.oauthSettings;
+ if (Services.prefs.getBoolPref("mailnews.auto_config.account_constraints.allow_oauth2")) {
-+ // If the hostname supports OAuth2 and imap is enabled, enable OAuth2.
++ // If the incoming server hostname supports OAuth2, enable OAuth2 for it.
+ let iDetails = OAuth2Providers.getHostnameDetails(config.incoming.hostname);
++ e("in-authMethod-oauth2").hidden = !iDetails;
+ if (iDetails) {
-+ gEmailWizardLogger.info("OAuth2 details for incoming server " +
-+ config.incoming.hostname + " is " + iDetails);
-+ }
-+ e("in-authMethod-oauth2").hidden = !(iDetails && e("incoming_protocol").value == 1);
-+ if (!e("in-authMethod-oauth2").hidden) {
++ gEmailWizardLogger.info(
++ "OAuth2 details for incoming server " +
++ config.incoming.hostname +
++ " is " +
++ iDetails
++ );
+ config.oauthSettings = {};
+ [config.oauthSettings.issuer, config.oauthSettings.scope] = iDetails;
+ // oauthsettings are not stored nor changeable in the user interface, so just
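Review bot: With `e("in-authMethod-oauth2").hidden = !iDetails;` moved inside the `allow_oauth2` check, nothing hides the OAuth2 entry when the pref is false, so the menu item keeps whatever visibility it had before (its markup default, or the value from an earlier run of this code). Add an `else { e("in-authMethod-oauth2").hidden = true; }` branch so that disabling the pref actually removes the option. The same applies to `out-authMethod-oauth2` in the next hunk. The end of the `if` block lies outside this hunk, so check first that no such branch already exists there.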
@@ -52,32 +59,36 @@ that disables JavaScript (like TorBirdy) can provide a workaround.
}
// outgoing server
-@@ -1241,19 +1243,21 @@ EmailConfigWizard.prototype =
+@@ -1471,21 +1473,23 @@ EmailConfigWizard.prototype = {
this.adjustOutgoingPortToSSLAndProtocol(config);
}
-- // If the hostname supports OAuth2 and imap is enabled, enable OAuth2.
+- // If the smtp hostname supports OAuth2, enable OAuth2 for it.
- let oDetails = OAuth2Providers.getHostnameDetails(config.outgoing.hostname);
-- if (oDetails) {
-- gEmailWizardLogger.info("OAuth2 details for outgoing server " +
-- config.outgoing.hostname + " is " + oDetails);
-- }
- e("out-authMethod-oauth2").hidden = !oDetails;
-- if (!e("out-authMethod-oauth2").hidden) {
+- if (oDetails) {
+- gEmailWizardLogger.info(
+- "OAuth2 details for outgoing server " +
+- config.outgoing.hostname +
+- " is " +
+- oDetails
+- );
- config.oauthSettings = {};
- [config.oauthSettings.issuer, config.oauthSettings.scope] = oDetails;
- // oauthsettings are not stored nor changeable in the user interface, so just
- // store them in the base configuration.
- this._currentConfig.oauthSettings = config.oauthSettings;
+ if (Services.prefs.getBoolPref("mailnews.auto_config.account_constraints.allow_oauth2")) {
-+ // If the hostname supports OAuth2 and imap is enabled, enable OAuth2.
++ // If the smtp hostname supports OAuth2, enable OAuth2 for it.
+ let oDetails = OAuth2Providers.getHostnameDetails(config.outgoing.hostname);
-+ if (oDetails) {
-+ gEmailWizardLogger.info("OAuth2 details for outgoing server " +
-+ config.outgoing.hostname + " is " + oDetails);
-+ }
+ e("out-authMethod-oauth2").hidden = !oDetails;
-+ if (!e("out-authMethod-oauth2").hidden) {
++ if (oDetails) {
++ gEmailWizardLogger.info(
++ "OAuth2 details for outgoing server " +
++ config.outgoing.hostname +
++ " is " +
++ oDetails
++ );
+ config.oauthSettings = {};
+ [config.oauthSettings.issuer, config.oauthSettings.scope] = oDetails;
+ // oauthsettings are not stored nor changeable in the user interface, so just
@@ -87,30 +98,23 @@ that disables JavaScript (like TorBirdy) can provide a workaround.
}
// populate fields even if existingServerKey, in case user changes back
+diff --git a/comm/mail/components/accountcreation/content/readFromXML.js b/comm/mail/components/accountcreation/content/readFromXML.js
+index 8c7ecdd..780229f 100644
--- a/comm/mail/components/accountcreation/content/readFromXML.js
+++ b/comm/mail/components/accountcreation/content/readFromXML.js
-@@ -4,6 +4,8 @@
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
- ChromeUtils.import("resource:///modules/hostnameUtils.jsm");
-+ChromeUtils.import("resource://gre/modules/Services.jsm");
-+
- /* eslint-disable complexity */
-
- /**
-@@ -25,6 +27,8 @@ function readFromXML(clientConfigXML)
+@@ -32,6 +32,8 @@ function readFromXML(clientConfigXML) {
function array_or_undef(value) {
return value === undefined ? [] : value;
}
+ var allow_oauth2 =
+ Services.prefs.getBoolPref("mailnews.auto_config.account_constraints.allow_oauth2");
var exception;
- if (typeof(clientConfigXML) != "object" ||
- !("clientConfig" in clientConfigXML) ||
-@@ -101,6 +105,12 @@ function readFromXML(clientConfigXML)
- "GSSAPI" : Ci.nsMsgAuthMethod.GSSAPI,
- "NTLM" : Ci.nsMsgAuthMethod.NTLM,
- "OAuth2" : Ci.nsMsgAuthMethod.OAuth2 });
+ if (
+ typeof clientConfigXML != "object" ||
+@@ -126,6 +128,12 @@ function readFromXML(clientConfigXML) {
+ NTLM: Ci.nsMsgAuthMethod.NTLM,
+ OAuth2: Ci.nsMsgAuthMethod.OAuth2,
+ });
+
+ if (!allow_oauth2 && iO.auth == Ci.nsMsgAuthMethod.OAuth2) {
+ iO.auth = null;
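Review bot: The refresh removes the lines that added `ChromeUtils.import("resource://gre/modules/Services.jsm");` to readFromXML.js, while the new `allow_oauth2` assignment still calls `Services.prefs.getBoolPref(...)`. If the target file does not already bring `Services` into scope (its header is outside this hunk), readFromXML() throws on entry and no fetched configuration is parsed at all. Confirm the import exists in the version being patched, or keep the import line in this patch.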
@@ -118,11 +122,11 @@ that disables JavaScript (like TorBirdy) can provide a workaround.
+ }
+
break; // take first that we support
- } catch (e) { exception = e; }
- }
-@@ -188,6 +198,11 @@ function readFromXML(clientConfigXML)
- "OAuth2" : Ci.nsMsgAuthMethod.OAuth2,
- });
+ } catch (e) {
+ exception = e;
+@@ -269,6 +277,11 @@ function readFromXML(clientConfigXML) {
+ OAuth2: Ci.nsMsgAuthMethod.OAuth2,
+ });
+ if (!allow_oauth2 && oO.auth == Ci.nsMsgAuthMethod.OAuth2) {
+ oO.auth = null;
@@ -130,14 +134,16 @@ that disables JavaScript (like TorBirdy) can provide a workaround.
+ }
+
break; // take first that we support
- } catch (e) { exception = e; }
- }
+ } catch (e) {
+ exception = e;
+diff --git a/comm/mailnews/mailnews.js b/comm/mailnews/mailnews.js
+index bde86d3..8f598b2 100644
--- a/comm/mailnews/mailnews.js
+++ b/comm/mailnews/mailnews.js
-@@ -918,6 +918,8 @@ pref("mailnews.auto_config.ssl_only_conf
- // protocol default ports and common domain practices
- // (e.g. {mail,pop,imap,smtp}.<email-domain>).
- pref("mailnews.auto_config.guess.enabled", true);
+@@ -967,6 +967,8 @@ pref("mailnews.auto_config.guess.enabled", true);
+ pref("mailnews.auto_config.guess.sslOnly", false);
+ // The timeout (in seconds) for each guess
+ pref("mailnews.auto_config.guess.timeout", 10);
+// Whether we allow fetched configurations using OAuth2.
+pref("mailnews.auto_config.account_constraints.allow_oauth2", true);
// Work around bug 1454325 by disabling mimetype mungling in XmlHttpRequest
diff --git a/debian/patches/secure-account-creation/Also-fetch-ISP-configuration-using-SSL.patch b/debian/patches/secure-account-creation/Also-fetch-ISP-configuration-using-SSL.patch
deleted file mode 100644
index 80fc53f..0000000
--- a/debian/patches/secure-account-creation/Also-fetch-ISP-configuration-using-SSL.patch
+++ /dev/null
@@ -1,106 +0,0 @@
-From d92fb58922f0abd9f1b7f27b0506a146b49a6a98 Mon Sep 17 00:00:00 2001
-From: anonym <anonym@riseup.net>
-Date: Wed, 27 Feb 2019 10:14:20 +0100
-Subject: [PATCH] Also fetch ISP configuration using SSL.
-
-Now we support ISPs who only serve .well-known over SSL.
-
-This also increases defenses against eavesdroppers somewhat (who could
-snoop your username [0]), but for active attackers the "downgrade"
-attack that forces plaintext is trivial: just block all SSL
-traffic. So a Man-in-the-middle still gets full control over the
-client configuration.
-
-It would be reasonable to only do SSL by default, but it is not an
-option in certain enterprise deployments, so instead we allow
-security-focused distributions (and extensions like TorBirdy) to
-control the behavior via a new boolean pref:
-
- mailnews.auto_config.ssl_only_config_servers
-
-When set to true ISP fetches are done using SSL only, but it defaults
-to false which allows insecure fetches as well.
-
-[0] See the mailnews.auto_config.fetchFromISP.sendEmailAddress pref.
----
- .../accountcreation/content/fetchConfig.js | 32 +++++++++++-----------
- comm/mailnews/mailnews.js | 13 ++++++---
- 2 files changed, 25 insertions(+), 20 deletions(-)
-
---- a/comm/mail/components/accountcreation/content/fetchConfig.js
-+++ b/comm/mail/components/accountcreation/content/fetchConfig.js
-@@ -65,11 +65,16 @@ function fetchConfigFromISP(domain, emai
- return new Abortable();
- }
-
-- let url1 = "http://autoconfig." + sanitize.hostname(domain) +
-- "/mail/config-v1.1.xml";
-+ let conf1 = "autoconfig." + sanitize.hostname(domain) +
-+ "/mail/config-v1.1.xml";
- // .well-known/ <http://tools.ietf.org/html/draft-nottingham-site-meta-04>
-- let url2 = "http://" + sanitize.hostname(domain) +
-- "/.well-known/autoconfig/mail/config-v1.1.xml";
-+ let conf2 = sanitize.hostname(domain) +
-+ "/.well-known/autoconfig/mail/config-v1.1.xml";
-+ // This list is sorted by priority
-+ var urls = ["https://" + conf1, "https://" + conf2];
-+ if (!Services.prefs.getBoolPref("mailnews.auto_config.ssl_only_config_servers")) {
-+ urls.push("http://" + conf1, "http://" + conf2);
-+ }
- let callArgs = {
- urlArgs: {
- emailaddress: emailAddress,
-@@ -85,18 +90,13 @@ function fetchConfigFromISP(domain, emai
- let priority = new PriorityOrderAbortable(
- xml => successCallback(readFromXML(xml)),
- errorCallback);
--
-- call = priority.addCall();
-- fetch = new FetchHTTP(url1, callArgs,
-- call.successCallback(), call.errorCallback());
-- call.setAbortable(fetch);
-- fetch.start();
--
-- call = priority.addCall();
-- fetch = new FetchHTTP(url2, callArgs,
-- call.successCallback(), call.errorCallback());
-- call.setAbortable(fetch);
-- fetch.start();
-+ for (let url of urls) {
-+ call = priority.addCall();
-+ fetch = new FetchHTTP(url, callArgs,
-+ call.successCallback(), call.errorCallback());
-+ call.setAbortable(fetch);
-+ fetch.start();
-+ }
-
- return priority;
- }
---- a/comm/mailnews/mailnews.js
-+++ b/comm/mailnews/mailnews.js
-@@ -898,16 +898,21 @@ pref("mailnews.auto_config_url", "https:
- pref("mailnews.mx_service_url", "https://live.thunderbird.net/dns/mx/");
- // The list of addons which can handle certain account types
- pref("mailnews.auto_config.addons_url", "https://live.thunderbird.net/autoconfig/addons.json");
--// Allow to contact ISP (email address domain)
--// This happens via insecure means (HTTP), so the config cannot be trusted,
--// and also contains the email address
-+// Whether to contact the ISP (email address domain).
-+// This may happen via insecure means (HTTP) susceptible to eavesdropping and MitM.
- pref("mailnews.auto_config.fetchFromISP.enabled", true);
--// Allow the fetch from ISP via HTTP, but not the email address
-+// Whether we tell the ISP our username. Note that the username will
-+// leak in plaintext if a non-SSL fetch is performed.
- pref("mailnews.auto_config.fetchFromISP.sendEmailAddress", true);
- // Allow the Microsoft Exchange AutoDiscover protocol.
- // This also sends the email address and password to the server,
- // which the protocol unfortunately requires in practice.
- pref("mailnews.auto_config.fetchFromExchange.enabled", true);
-+// Whether we will only allow SSL channels when fetching.
-+// When false an active attacker can block non-SSL fetches and then
-+// MitM the HTTP fetch, granting the attacker full control over the
-+// client configuration.
-+pref("mailnews.auto_config.ssl_only_config_servers", false);
- // Whether we will attempt to guess the account configuration based on
- // protocol default ports and common domain practices
- // (e.g. {mail,pop,imap,smtp}.<email-domain>).
diff --git a/debian/patches/secure-account-creation/Avoid-local-timestamp-disclosure-in-Date-header.patch b/debian/patches/secure-account-creation/Avoid-local-timestamp-disclosure-in-Date-header.patch
new file mode 100644
index 0000000..05e675a
--- /dev/null
+++ b/debian/patches/secure-account-creation/Avoid-local-timestamp-disclosure-in-Date-header.patch
@@ -0,0 +1,101 @@
+From: segfault <segfault@riseup.net>
+Date: Wed, 27 Nov 2019 16:47:24 +0100
+Subject: [PATCH] Bug 902573 - Avoid local timestamp disclosure in Date header
+
+This patch is based on the patch "Bug 902573 - Avoid local timestamp disclosure in Date header".
+Link to the original patch: https://bug902573.bmoattachments.org/attachment.cgi?id=8684089
+The original author is Arthur Edelstein <arthuredelstein@gmail.com>.
+It is licensed under Mozilla Public License Version 2.0:
+https://www.mozilla.org/en-US/MPL/
+
+---
+ comm/mailnews/mailnews.js | 7 +++++++
+ comm/mailnews/mime/jsmime/jsmime.js | 42 +++++++++++++++++++++++++++++--------
+ 2 files changed, 40 insertions(+), 9 deletions(-)
+
+diff --git a/comm/mailnews/mailnews.js b/comm/mailnews/mailnews.js
+index 7dda1ad..2673c8b 100644
+--- a/comm/mailnews/mailnews.js
++++ b/comm/mailnews/mailnews.js
+@@ -1029,3 +1029,10 @@ pref("mail.imap.qos", 0);
+
+ // PgpMime Addon
+ pref("mail.pgpmime.addon_url", "https://addons.mozilla.org/addon/enigmail/");
++
++// When the following pref is enabled, the Date header in
++// new messages is rounded down to the most recent whole
++// minute, and is expressed in GMT regardless of the user's
++// local time zone. These measures are taken to make tracking
++// the user across accounts more difficult.
++pref("mail.mime.avoid_fingerprinting", false);
+diff --git a/comm/mailnews/mime/jsmime/jsmime.js b/comm/mailnews/mime/jsmime/jsmime.js
+index 75ee0c8..74183b8 100644
+--- a/comm/mailnews/mime/jsmime/jsmime.js
++++ b/comm/mailnews/mime/jsmime/jsmime.js
+@@ -3450,9 +3450,34 @@
+ throw new Error("Cannot encode an invalid date");
+ }
+
++ let fullYear, month, dayOfMonth, dayOfWeek, hours, minutes, seconds,
++ tzOffset;
++
++ if (Services.prefs.getBoolPref("mail.mime.avoid_fingerprinting")) {
++ fullYear = date.getUTCFullYear();
++ month = date.getUTCMonth();
++ dayOfMonth = date.getUTCDate();
++ dayOfWeek = date.getUTCDay();
++ hours = date.getUTCHours();
++ minutes = date.getUTCMinutes();
++ // To reduce the chance of fingerprinting the clock offset,
++ // round the time down to the nearest minute.
++ seconds = 0;
++ tzOffset = 0;
++ } else {
++ fullYear = date.getFullYear();
++ month = date.getMonth();
++ dayOfMonth = date.getDate();
++ dayOfWeek = date.getDay();
++ hours = date.getHours();
++ minutes = date.getMinutes();
++ seconds = date.getSeconds();
++ tzOffset = date.getTimezoneOffset();
++ }
++
+ // RFC 5322 says years can't be before 1900. The after 9999 is a bit that
+ // derives from the specification saying that years have 4 digits.
+- if (date.getFullYear() < 1900 || date.getFullYear() > 9999) {
++ if (fullYear < 1900 || fullYear > 9999) {
+ throw new Error("Date year is out of encodable range");
+ }
+
+@@ -3460,7 +3485,6 @@
+ // the the 0-padding is done by hand. Note that the tzoffset we output is in
+ // the form ±hhmm, so we need to separate the offset (in minutes) into an hour
+ // and minute pair.
+- let tzOffset = date.getTimezoneOffset();
+ let tzOffHours = Math.abs(Math.trunc(tzOffset / 60));
+ let tzOffMinutes = Math.abs(tzOffset) % 60;
+ let tzOffsetStr =
+@@ -3471,15 +3495,15 @@
+ // Convert the day-time figure into a single value to avoid unwanted line
+ // breaks in the middle.
+ let dayTime = [
+- kDaysOfWeek[date.getDay()] + ",",
+- date.getDate(),
+- mimeutils.kMonthNames[date.getMonth()],
+- date.getFullYear(),
+- padTo2Digits(date.getHours()) +
++ kDaysOfWeek[dayOfWeek] + ",",
++ dayOfMonth,
++ mimeutils.kMonthNames[month],
++ fullYear,
++ padTo2Digits(hours) +
+ ":" +
+- padTo2Digits(date.getMinutes()) +
++ padTo2Digits(minutes) +
+ ":" +
+- padTo2Digits(date.getSeconds()),
++ padTo2Digits(seconds),
+ tzOffsetStr,
+ ].join(" ");
+ this.addText(dayTime, false);
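Review bot: The lookup `Services.prefs.getBoolPref("mail.mime.avoid_fingerprinting")` sits inside the jsmime date encoder with no fallback value and no visible import of `Services`. If the pref or the `Services` global is missing where jsmime.js is loaded, encoding a Date header throws instead of producing a header. Passing a default, `Services.prefs.getBoolPref("mail.mime.avoid_fingerprinting", false)`, covers the missing-pref case; the `Services` import has to be checked against the file header, which is outside the hunk. The pref also ships as `false`, so the rounding and UTC normalisation take effect only where a distribution sets it, and the mailnews.js comment could say that explicitly.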
diff --git a/debian/patches/secure-account-creation/Avoid-spellchecking-language-disclosure-in-Content-Language-header.patch b/debian/patches/secure-account-creation/Avoid-spellchecking-language-disclosure-in-Content-Language-header.patch
new file mode 100644
index 0000000..2ad48d4
--- /dev/null
+++ b/debian/patches/secure-account-creation/Avoid-spellchecking-language-disclosure-in-Content-Language-header.patch
@@ -0,0 +1,27 @@
+From: segfault <segfault@riseup.net>
+Date: Wed, 27 Nov 2019 23:37:55 +0100
+Subject: [PATCH] Bug 1370217 - Avoid spellchecking language disclosure in
+ Content-Language header
+
+---
+ comm/mail/components/compose/content/MsgComposeCommands.js | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/comm/mail/components/compose/content/MsgComposeCommands.js b/comm/mail/components/compose/content/MsgComposeCommands.js
+index ba73704..170ca9c 100644
+--- a/comm/mail/components/compose/content/MsgComposeCommands.js
++++ b/comm/mail/components/compose/content/MsgComposeCommands.js
+@@ -2868,9 +2868,10 @@ function ComposeStartup(aParams) {
+ // Update the language in the composition fields, so we can save it
+ // to the draft next time.
+ if (gMsgCompose && gMsgCompose.compFields) {
+- gMsgCompose.compFields.contentLanguage = document.documentElement.getAttribute(
+- "lang"
+- );
++ let lang = Services.prefs.getBoolPref("mail.mime.avoid_fingerprinting")
++ ? "en-US"
++ : document.documentElement.getAttribute("lang");
++ gMsgCompose.compFields.contentLanguage = lang;
+ }
+ }
+ });
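Review bot: `Services.prefs.getBoolPref("mail.mime.avoid_fingerprinting")` is called without a fallback in the added lines of `ComposeStartup`, so if the pref has no default in the build the call throws and the `contentLanguage` assignment below it never runs. Whether a default is declared is not visible in this patch; passing one makes the failure mode explicit, e.g. `Services.prefs.getBoolPref("mail.mime.avoid_fingerprinting", false)`. The unchanged comment above still says the language is stored so it can be saved to the draft, which no longer holds when the pref is set. I would add `// With avoid_fingerprinting set, use a fixed "en-US" so the spellchecker language is not disclosed in Content-Language.` The enclosing function starts and ends outside the hunk.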
diff --git a/debian/patches/secure-account-creation/Improve-logging-of-guess-instances.patch b/debian/patches/secure-account-creation/Improve-logging-of-guess-instances.patch
deleted file mode 100644
index 51bbe14..0000000
--- a/debian/patches/secure-account-creation/Improve-logging-of-guess-instances.patch
+++ /dev/null
@@ -1,100 +0,0 @@
-From 262f0bc5f69a57d9dc07e0e4ee9ff3d5528a450a Mon Sep 17 00:00:00 2001
-From: anonym <anonym@riseup.net>
-Date: Wed, 27 Feb 2019 10:49:36 +0100
-Subject: [PATCH] Improve logging of guess instances.
-
-The logging done in _processResult() is pretty useless since they
-contain no reference to which probe they're about.
-
---- a/comm/mail/components/accountcreation/content/emailWizard.js
-+++ b/comm/mail/components/accountcreation/content/emailWizard.js
-@@ -670,8 +670,9 @@ EmailConfigWizard.prototype =
- self._abortable = guessConfig(domain,
- function(type, hostname, port, ssl, done, config) // progress
- {
-- gEmailWizardLogger.info("progress callback host " + hostname +
-- " port " + port + " type " + type);
-+ var msg = hostname + ":" + port + " ssl=" + ssl + " " +
-+ type + ": progress callback";
-+ gEmailWizardLogger.info(msg);
- },
- function(config) // success
- {
---- a/comm/mail/components/accountcreation/content/guessConfig.js
-+++ b/comm/mail/components/accountcreation/content/guessConfig.js
-@@ -437,6 +437,9 @@ HostDetector.prototype =
- let hostTry = hostEntries[j]; // from getHostEntry()
- hostTry.hostname = hostname;
- hostTry.status = kNotTried;
-+ hostTry.desc = hostTry.hostname + ":" + hostTry.port +
-+ " ssl=" + hostTry.ssl + " " +
-+ protocolToString(hostTry.protocol);
- this._hostsToTry.push(hostTry);
- }
- }
-@@ -460,9 +463,7 @@ HostDetector.prototype =
- let thisTry = this._hostsToTry[i]; // {HostTry}
- if (thisTry.status != kNotTried)
- continue;
-- this._log.info("poking at " + thisTry.hostname + " port " +
-- thisTry.port + " ssl "+ thisTry.ssl + " protocol " +
-- protocolToString(thisTry.protocol));
-+ this._log.info(thisTry.desc + ": initializing probe...");
- if (i == 0) // showing 50 servers at once is pointless
- this.mProgressCallback(thisTry);
-
-@@ -491,7 +492,7 @@ HostDetector.prototype =
- {
- if (me._cancel)
- return; // who set cancel to true already called mErrorCallback()
-- me._log.warn(e);
-+ me._log.warn(thisTry.desc + ": " + e);
- thisTry.status = kFailed;
- me._checkFinished();
- });
-@@ -533,7 +534,7 @@ HostDetector.prototype =
- if (thisTry._gotCertError == Ci.nsICertOverrideService.ERROR_UNTRUSTED ||
- thisTry._gotCertError == Ci.nsICertOverrideService.ERROR_TIME)
- {
-- this._log.info("TRYING AGAIN, hopefully with exception recorded");
-+ this._log.info(thisTry.desc + ": TRYING AGAIN, hopefully with exception recorded");
- thisTry._gotCertError = 0;
- thisTry.selfSignedCert = true; // _next_ run gets this exception
- thisTry.status = kNotTried; // try again (with exception)
-@@ -544,22 +545,20 @@ HostDetector.prototype =
-
- if (wiredata == null || wiredata === undefined)
- {
-- this._log.info("no data");
-+ this._log.info(thisTry.desc + ": no data");
- thisTry.status = kFailed;
- return;
- }
-- this._log.info("wiredata: " + wiredata.join(""));
-+ this._log.info(thisTry.desc + ": wiredata: " + wiredata.join(""));
- thisTry.authMethods =
- this._advertisesAuthMethods(thisTry.protocol, wiredata);
- if (thisTry.ssl == TLS && !this._hasTLS(thisTry, wiredata))
- {
-- this._log.info("STARTTLS wanted, but not offered");
-+ this._log.info(thisTry.desc + ": STARTTLS wanted, but not offered");
- thisTry.status = kFailed;
- return;
- }
-- this._log.info("success with " + thisTry.hostname + ":" +
-- thisTry.port + " " + protocolToString(thisTry.protocol) +
-- " ssl " + thisTry.ssl +
-+ this._log.info(thisTry.desc + ": success" +
- (thisTry.selfSignedCert ? " (selfSignedCert)" : ""));
- thisTry.status = kSuccess;
-
-@@ -568,7 +567,8 @@ HostDetector.prototype =
- // earlier we get into an infinite loop, probably because the cert
- // remembering is temporary and the next try gets a new connection which
- // isn't covered by that temporariness.
-- this._log.info("clearing validity override for " + thisTry.hostname);
-+ this._log.info(thisTry.desc + ": clearing validity override for " +
-+ thisTry.hostname);
- Cc["@mozilla.org/security/certoverride;1"]
- .getService(Ci.nsICertOverrideService)
- .clearValidityOverride(thisTry.hostname, thisTry.port);
diff --git a/debian/patches/secure-account-creation/Invalidate-config-when-restarting-autoconfiguration.patch b/debian/patches/secure-account-creation/Invalidate-config-when-restarting-autoconfiguration.patch
deleted file mode 100644
index 99c37fc..0000000
--- a/debian/patches/secure-account-creation/Invalidate-config-when-restarting-autoconfiguration.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 33b1b55ed52c1f7d6dac1b382058d82188ef524c Mon Sep 17 00:00:00 2001
-From: anonym <anonym@riseup.net>
-Date: Wed, 27 Feb 2019 09:30:10 +0100
-Subject: [PATCH] Invalidate config when restarting autoconfiguration.
-
-Otherwise residual data from previous attempts can leak into following
-attempts, e.g.:
-
-1. Try "a@a.a"
-2. All methods fail, so we end up in "manual edit" mode
-3. Note that Server hostname == "a.a", which is expected
-4. Then start over by changing the email to "b@b.b"
-5. All methods fail, so we end up in "manual edit" mode
-6. Note that Server hostname == "a.a", but should be "b.b"
----
- comm/mail/components/accountcreation/content/emailWizard.js | 1 +
- 1 file changed, 1 insertion(+)
-
---- a/comm/mail/components/accountcreation/content/emailWizard.js
-+++ b/comm/mail/components/accountcreation/content/emailWizard.js
-@@ -406,6 +406,7 @@ EmailConfigWizard.prototype =
- */
- onStartOver : function()
- {
-+ this._currentConfig = null;
- if (this._abortable) {
- this.onStop();
- }
diff --git a/debian/patches/secure-account-creation/Make-use-of-non-SSL-Exchange-AutoDiscover-methods-op.patch b/debian/patches/secure-account-creation/Make-use-of-non-SSL-Exchange-AutoDiscover-methods-op.patch
index 37cb7b3..cee5e3f 100644
--- a/debian/patches/secure-account-creation/Make-use-of-non-SSL-Exchange-AutoDiscover-methods-op.patch
+++ b/debian/patches/secure-account-creation/Make-use-of-non-SSL-Exchange-AutoDiscover-methods-op.patch
@@ -1,4 +1,3 @@
-From d3a3855b1ddbd3fa445e463d23082abda2e0d921 Mon Sep 17 00:00:00 2001
From: anonym <anonym@riseup.net>
Date: Wed, 27 Feb 2019 16:15:59 +0100
Subject: [PATCH] Make use of non-SSL Exchange AutoDiscover methods optional.
@@ -6,42 +5,39 @@ Subject: [PATCH] Make use of non-SSL Exchange AutoDiscover methods optional.
If an attacker does a MitM they can presumably modify the Exchange
server's HTTP response to redirect to an attacker controller Exchange
server instead. So let's provide protection against this via the
-mailnews.auto_config.ssl_only_config_servers pref.
+mailnews.auto_config.sslOnly pref.
---
- .../accountcreation/content/exchangeAutoDiscover.js | 12 +++++++-----
- comm/mailnews/mailnews.js | 3 ++-
- 2 files changed, 9 insertions(+), 6 deletions(-)
+ .../accountcreation/content/exchangeAutoDiscover.js | 20 +++++++++++---------
+ 1 file changed, 11 insertions(+), 9 deletions(-)
+diff --git a/comm/mail/components/accountcreation/content/exchangeAutoDiscover.js b/comm/mail/components/accountcreation/content/exchangeAutoDiscover.js
+index f9d2a6e..4c3e1ce 100644
--- a/comm/mail/components/accountcreation/content/exchangeAutoDiscover.js
+++ b/comm/mail/components/accountcreation/content/exchangeAutoDiscover.js
-@@ -97,11 +97,13 @@ function fetchConfigFromExchange(domain,
+@@ -127,15 +127,17 @@ function fetchConfigFromExchange(
fetch.start();
call.setAbortable(fetch);
- call = priority.addCall();
-- fetch3 = new FetchHTTP(url3, callArgs,
-- call.successCallback(), call.errorCallback());
+- fetch3 = new FetchHTTP(
+- url3,
+- callArgs,
+- call.successCallback(),
+- call.errorCallback()
+- );
- fetch3.start();
- call.setAbortable(fetch3);
-+ if (!Services.prefs.getBoolPref("mailnews.auto_config.ssl_only_config_servers")) {
++ if (!Services.prefs.getBoolPref("mailnews.auto_config.sslOnly")) {
+ call = priority.addCall();
-+ fetch3 = new FetchHTTP(url3, callArgs,
-+ call.successCallback(), call.errorCallback());
++ fetch3 = new FetchHTTP(
++ url3,
++ callArgs,
++ call.successCallback(),
++ call.errorCallback()
++ );
+ fetch3.start();
+ call.setAbortable(fetch3);
+ }
// url3 is an HTTP URL that will redirect to the real one, usually a HTTPS
// URL of the hoster. XMLHttpRequest unfortunately loses the call
---- a/comm/mailnews/mailnews.js
-+++ b/comm/mailnews/mailnews.js
-@@ -908,7 +908,8 @@ pref("mailnews.auto_config.fetchFromISP.
- // This also sends the email address and password to the server,
- // which the protocol unfortunately requires in practice.
- pref("mailnews.auto_config.fetchFromExchange.enabled", true);
--// Whether we will only allow SSL channels when fetching.
-+// Whether we will only allow SSL channels when fetching ISP configs
-+// or using the Microsoft Exchange AutoDiscover protocol.
- // When false an active attacker can block non-SSL fetches and then
- // MitM the HTTP fetch, granting the attacker full control over the
- // client configuration.
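Review bot: The `sslOnly` guard covers only the `fetch3` block, while the context comment right after the closing brace (`// url3 is an HTTP URL that will redirect …`) suggests that the code following it, outside this hunk, also works with the plain-HTTP `url3`. If that code issues its own request to `url3` it needs the same check, otherwise the pref does not fully stop the HTTP lookup; this cannot be confirmed from the hunk. A comment above the guard would record the intent: `// url3 is plain HTTP; its redirect can be rewritten by a MitM, so skip it when sslOnly is set.` `fetch3` also stays unassigned when the pref is set, so any later use of it in `fetchConfigFromExchange` should tolerate that.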
diff --git a/debian/patches/secure-account-creation/Prefer-fetched-configurations-using-SSL-over-plainte.patch b/debian/patches/secure-account-creation/Prefer-fetched-configurations-using-SSL-over-plainte.patch
index 1ba6a7f..8999ee8 100644
--- a/debian/patches/secure-account-creation/Prefer-fetched-configurations-using-SSL-over-plainte.patch
+++ b/debian/patches/secure-account-creation/Prefer-fetched-configurations-using-SSL-over-plainte.patch
@@ -1,37 +1,36 @@
-From d333d5a79b41809798d692b22ae0a2fc85723c0f Mon Sep 17 00:00:00 2001
From: anonym <anonym@riseup.net>
Date: Wed, 27 Feb 2019 09:45:04 +0100
Subject: [PATCH] Prefer fetched configurations using SSL over plaintext.
---
- comm/mail/components/accountcreation/content/readFromXML.js | 12 ++++++++++--
- 1 file changed, 10 insertions(+), 2 deletions(-)
+ comm/mail/components/accountcreation/content/readFromXML.js | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+diff --git a/comm/mail/components/accountcreation/content/readFromXML.js b/comm/mail/components/accountcreation/content/readFromXML.js
+index 76b553b..8c7ecdd 100644
--- a/comm/mail/components/accountcreation/content/readFromXML.js
+++ b/comm/mail/components/accountcreation/content/readFromXML.js
-@@ -77,7 +77,11 @@ function readFromXML(clientConfigXML)
- try {
- iO.socketType = sanitize.translate(iXsocketType,
- { plain : 1, SSL: 2, STARTTLS: 3 });
+@@ -100,7 +100,10 @@ function readFromXML(clientConfigXML) {
+ SSL: 2,
+ STARTTLS: 3,
+ });
- break; // take first that we support
-+
+ if (iO.socketType != 1) {
+ // pick first non-plaintext protocol, if available
+ break;
+ }
- } catch (e) { exception = e; }
- }
- if (!iO.socketType)
-@@ -152,7 +156,11 @@ function readFromXML(clientConfigXML)
- try {
- oO.socketType = sanitize.translate(oXsocketType,
- { plain : 1, SSL: 2, STARTTLS: 3 });
+ } catch (e) {
+ exception = e;
+ }
+@@ -233,7 +236,10 @@ function readFromXML(clientConfigXML) {
+ SSL: 2,
+ STARTTLS: 3,
+ });
- break; // take first that we support
-+
+ if (oO.socketType != 1) {
+ // pick first non-plaintext protocol, if available
+ break;
+ }
- } catch (e) { exception = e; }
- }
- if (!oO.socketType)
+ } catch (e) {
+ exception = e;
+ }
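Review bot: The `if (iO.socketType != 1)` and `if (oO.socketType != 1)` checks only change which entry is preferred: when a config offers nothing but `plain`, the loop runs to its end and `socketType` stays 1, so a plaintext-only config is still accepted at this point. Rejecting it appears to be left to the separate accept-plaintext pref patch listed in `series`, which is worth saying in the comment, e.g. `// prefer the first non-plaintext socketType; plain (1) remains a fallback`. The literal `1` stands for `plain` in the `sanitize.translate` map, whose `plain` entry lies above the hunk; assuming the map returns the number unchanged, `!== 1` would be the stricter form. Both loops start outside the hunk.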
diff --git a/debian/patches/series b/debian/patches/series
index 25e2d9d..449ca14 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -37,13 +37,9 @@ porting-armhf/Don-t-use-LLVM-internal-assembler-on-armhf.patch
porting-arm/Reduce-memory-usage-while-linking-on-arm-el-hf-platforms.patch
debian-hacks/Make-Thunderbird-build-reproducible.patch
fixes/Bug-1531309-Don-t-use-__PRETTY_FUNCTION__-or-__FUNCTION__.patch
-secure-account-creation/Invalidate-config-when-restarting-autoconfiguration.patch
-secure-account-creation/Add-comment-for-pref.patch
secure-account-creation/Prefer-fetched-configurations-using-SSL-over-plainte.patch
-secure-account-creation/Also-fetch-ISP-configuration-using-SSL.patch
secure-account-creation/Make-use-of-non-SSL-Exchange-AutoDiscover-methods-op.patch
secure-account-creation/Add-pref-for-whether-we-accept-OAuth2-during-autocon.patch
-secure-account-creation/Add-SOCKS-proxy-support-for-account-guessing.patch
-secure-account-creation/Add-pref-for-setting-the-autoconfiguration-guess-tim.patch
-secure-account-creation/Improve-logging-of-guess-instances.patch
secure-account-creation/Add-pref-for-whether-to-accept-plaintext-protocols-d.patch
+secure-account-creation/Avoid-local-timestamp-disclosure-in-Date-header.patch
+secure-account-creation/Avoid-spellchecking-language-disclosure-in-Content-Language-header.patch
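Review bot: Six patches leave `series` in this hunk, among them `Add-SOCKS-proxy-support-for-account-guessing.patch`, `Also-fetch-ISP-configuration-using-SSL.patch` and `Invalidate-config-when-restarting-autoconfiguration.patch`, and the commit description does not say whether each was merged upstream or abandoned. If any of them was not merged, the protection it provided is no longer applied to the build. I would record the reason per dropped patch in the description, for example `Dropped, merged upstream: <patch name> (<upstream bug id>)`.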