Project

General

Profile

Feature #6156

Upstream secure Icedove autoconfig wizard

Added by Tails over 4 years ago. Updated 29 days ago.

Status:
In Progress
Priority:
Elevated
Assignee:
Category:
-
Target version:
Start date:
05/19/2016
Due date:
% Done:

50%

QA Check:
Feature Branch:
Type of work:
Communicate
Blueprint:
Starter:
No
Affected tool:
Email Client

Description

Try to get these patches merged upstream, preferably to Mozilla, but Debian would also be OK.


Subtasks

Bug #11450: Update the Icedove account setup wizard security patches according to what'll be decided upstreamResolvedu

Bug #12151: Get Thunderbird's test suite running and test our patchesConfirmedanonym


Related issues

Related to Tails - Feature #6150: Help Tor people upstream the Torbirdy patches Resolved
Related to Tails - Feature #7064: Update our plans for securing Icedove's autoconfig wizard wrt. recent developments Resolved
Blocks Tails - Bug #11481: Alert TorBirdy devs about Icedove upstream patch prefs Confirmed 05/24/2016
Blocked by Tails - Bug #11536: Icedove autoconfiguration is broken for ISPs serving a OAuth config Resolved 06/17/2016

Associated revisions

Revision 8a9de848 (diff)
Added by anonym over 1 year ago

Pin Icedove to be installed from our APT repo.

Debian's Icedove packages still do not have our secure Icedove
autoconfig wizard patches applied, so installing them would be a
serious security regression.

Refs: #6156
Will-fix: #11613

History

#1 Updated by intrigeri over 4 years ago

  • Parent task set to #5663

#2 Updated by intrigeri over 4 years ago

  • Type of work changed from Wait to Code

#3 Updated by intrigeri about 4 years ago

  • Type of work changed from Code to Upstream
  • Starter set to No

#4 Updated by intrigeri about 4 years ago

  • Subject changed from upstream secure Icedove autoconfig wizard to Upstream secure Icedove autoconfig wizard

#5 Updated by intrigeri over 3 years ago

  • Category set to 212

#6 Updated by intrigeri about 3 years ago

  • Type of work changed from Upstream to Code

#7 Updated by BitingBird almost 3 years ago

I think the type of work is communicate, since at least in Debian I see no big report, but I'm not sure so I let it as is for now.

#8 Updated by intrigeri almost 3 years ago

  • Type of work changed from Code to Communicate

#9 Updated by intrigeri over 2 years ago

  • Assignee set to u
  • Target version set to 246

#11 Updated by intrigeri over 2 years ago

  • Related to Feature #6150: Help Tor people upstream the Torbirdy patches added

#12 Updated by sajolida about 2 years ago

  • Target version changed from 246 to Tails_2.0

#13 Updated by u almost 2 years ago

  • Target version changed from Tails_2.0 to Tails_2.4

#14 Updated by u almost 2 years ago

Setting realistic target version to 2.4, maximum latest delay would be 2.5.

#15 Updated by intrigeri almost 2 years ago

Today we discussed that this should be started during the 2.2 cycle, span over the 2.3 and 2.4 ones. I would suggest setting a milestone that matches when you should start working on it, instead of one that matches when it should be finished, to prevent any risk that it's forgotten until 2.3 is out. Your call, of course :)

#16 Updated by u almost 2 years ago

  • Related to Feature #7064: Update our plans for securing Icedove's autoconfig wizard wrt. recent developments added

#17 Updated by u almost 2 years ago

  • Status changed from Confirmed to In Progress
  • % Done changed from 0 to 10

#18 Updated by u almost 2 years ago

The current plan is to send our patches with a text to Torbirdy people for a first review with ETA Jan 24th 2016.

Then ideally we would be able to send them to the Thunderbird people and also update the corresponding TPO ticket. I'd also open a Debian bug with the same patches and link it to the upstream bug, so eventually the patches could be included in Debian directly - until upstream has them released.

#20 Updated by intrigeri almost 2 years ago

I've posted the patches upstream today.

Great! A link would be useful next time we need to report about the progress of this task :)

#21 Updated by anonym over 1 year ago

  • Blocked by deleted (Feature #6154: Secure the Icedove autoconfig wizard)

#22 Updated by u over 1 year ago

  • Blocks Bug #11481: Alert TorBirdy devs about Icedove upstream patch prefs added

#23 Updated by u over 1 year ago

  • Target version changed from Tails_2.4 to Tails_2.5

Unlikely that this will happen in time for 2.4. Postponing.

#24 Updated by u over 1 year ago

  • % Done changed from 10 to 20

There has been quite some progress. Our patches have all been reviewed now and only code style improvements were asked for as a result of this review. This makes me think that we're nearly there! We'll work on a modified patchset taking upstream's remarks into account later this week.

#25 Updated by intrigeri over 1 year ago

There has been quite some progress. Our patches have all been reviewed now and only code style improvements were asked for as a result of this review. This makes me think that we're nearly there! We'll work on a modified patchset taking upstream's remarks into account later this week.

Excellent news, glad to read that!

#26 Updated by u over 1 year ago

We've resubmitted a new patchset today which was thouroughly tested by anonym. Waiting for a reply from upstream now. Let's hope for the best.

#27 Updated by u over 1 year ago

  • Target version changed from Tails_2.5 to Tails_2.6

#28 Updated by u over 1 year ago

  • Blocked by Bug #11536: Icedove autoconfiguration is broken for ISPs serving a OAuth config added

#29 Updated by intrigeri over 1 year ago

  • Blocks Bug #11450: Update the Icedove account setup wizard security patches according to what'll be decided upstream added

#30 Updated by intrigeri over 1 year ago

  • Blocks deleted (Bug #11450: Update the Icedove account setup wizard security patches according to what'll be decided upstream)

#31 Updated by u about 1 year ago

I've submitted the latest patchset today. Waiting for upstream again now.

#32 Updated by anonym about 1 year ago

  • Target version changed from Tails_2.6 to Tails_2.7

#33 Updated by u about 1 year ago

Repinged upstream today.

I think that this ticket's deliverable has been accomplished "try hard to upstream the icedove autoconfig wizard". Thus, we'll continue to keep track of it, but not as part of the deliverable.

#34 Updated by u about 1 year ago

  • Parent task deleted (#5663)

#35 Updated by intrigeri about 1 year ago

I think that this ticket's deliverable has been accomplished "try hard to upstream the icedove autoconfig wizard". Thus, we'll continue to keep track of it, but not as part of the deliverable.

Woohoo! \o/

#36 Updated by bertagaz about 1 year ago

intrigeri wrote:

Woohoo! \o/

+1 :)

#37 Updated by u about 1 year ago

  • Target version changed from Tails_2.7 to Tails_2.9.1

postponing

#38 Updated by anonym 12 months ago

  • Target version changed from Tails_2.9.1 to Tails 2.10

#39 Updated by u 11 months ago

  • Target version changed from Tails 2.10 to Tails_2.12

#40 Updated by intrigeri 8 months ago

  • Target version changed from Tails_2.12 to Tails_3.1

I suspect that you folks will have other, more urgent things to do until 3.0 is out, so setting target version to 3.1.

#41 Updated by u 3 months ago

  • Target version changed from Tails_3.1 to Tails_3.3

#42 Updated by anonym 29 days ago

  • Target version changed from Tails_3.3 to Tails_3.5

Also available in: Atom PDF