Thunderbird Update to 91.4.1 breaks Connection to Onion Services

Hi,
after the last update witch upgrades thunderbird from 78.14.0 to thunderbird 91.4.1 thunderbird “failed to connect” to onionservices.
downgrading thunderbird to 78.14.0 with
apt install thunderbird="1:78.14.0-1~deb11u1"
solved the issue but the old profile is not usable anymore. I verified the Issue on 2 different Qubes installations, tryed 2 different onionservices.
OS: Qubes 4.0
Template: whonix-16-ws

Console Log where I try to configure a account in an empty profile with a onionservice as server :

13:36:07.581 Unexpected event profile-after-change URLQueryStrippingListService.jsm:224
    observe resource://gre/modules/URLQueryStrippingListService.jsm:224
13:36:10.625 Successfully loaded OpenPGP library librnp.so version 0.15.2+git20210806.dd923a4e.MZLA from /usr/lib/thunderbird/librnp.so RNPLib.jsm:92:15
13:36:10.863 Found 0 public keys and 0 secret keys (0 protected, 0 unprotected) RNPLib.jsm:288:15
13:36:10.899 Trying to load /usr/lib/thunderbird/libotr.so OTRLib.jsm:64:11
13:36:10.900 Trying to load libotr.so from system's standard library locations OTRLib.jsm:64:11
13:36:10.900 Trying to load libotr.so.5 from system's standard library locations OTRLib.jsm:64:11
13:36:10.903 Successfully loaded OTR library libotr.so.5 from system's standard library locations OTRLib.jsm:72:13
13:36:11.715 Unknown Collection "thunderbird/query-stripping" RemoteSettingsClient.jsm:160
    UnknownCollectionError resource://services-settings/RemoteSettingsClient.jsm:160
    sync resource://services-settings/RemoteSettingsClient.jsm:501
    InterpretGeneratorResume self-hosted:1482
    AsyncFunctionNext self-hosted:692
13:36:17.958 NS_ERROR_FAILURE: Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsIURI.host] LoginAutoComplete.jsm:536
    startSearch resource://gre/modules/LoginAutoComplete.jsm:536
13:36:18.240 NS_ERROR_FAILURE: Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsIURI.host] LoginAutoComplete.jsm:536
    startSearch resource://gre/modules/LoginAutoComplete.jsm:536
13:36:18.384 NS_ERROR_FAILURE: Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsIURI.host] LoginAutoComplete.jsm:536
    startSearch resource://gre/modules/LoginAutoComplete.jsm:536
13:36:18.573 NS_ERROR_FAILURE: Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsIURI.host] LoginAutoComplete.jsm:536
13:36:18.632 NS_ERROR_FAILURE: Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsIURI.host] LoginAutoComplete.jsm:536
13:37:26.617 Calendar: loadCalendarComponent was called more than once for a single window calendar-chrome-startup.js:38

Just a short in the dark:

Thunderbird → Edit → Preferences → scroll down → Config Editor → search for network.dns.blockDotOnion → set to false

The extend of which Whonix has done modifications:

• anon-apps-config/etc/thunderbird at master · Whonix/anon-apps-config · GitHub
• anon-apps-config/etc/thunderbird/pref/30_whonix.js at master · Whonix/anon-apps-config · GitHub
• anon-apps-config/etc/thunderbird/pref/40_thunderbird.js at master · Whonix/anon-apps-config · GitHub
• anon-apps-config/etc/thunderbird/profile/chrome/userChrome.css at master · Whonix/anon-apps-config · GitHub

Fyi, this Thunderbird update reset a lot of the default Whonix config preferences. Among others, telemetry is re-enabled, so everyone double-check your setup.

As for onion addresses, in addition to Patrick’s advice above, I like to change:
network.dnsCacheEntries–>0
network.dnsCacheExpiration–>0

Woa this worked for me ! Thanks for the fast help

Thunderbird undoing pre-configured settings is pretty bad.

Is there any way we can make sure this doesn’t happen again? Some apt hook that re-applies the Whonix config every update perhaps?

I can probably invent a hook (dpkg trigger) but I wouldn’t know what action hook should apply.

Our current implementation uses the proper API already. It drops configuration files into folder /etc/thunderbird.

Now Thunderbird ignoring these on update is the problem. Seems to be Debian bugs:

• thunderbird: TB 91 won’t read/apply configuration files in /etc/thunderbird/pref/
• thunderbird: ignores locale settings

The hook would run sudo apt-get install --reinstall for config packages to protect them from themselves. I think that is a more robust way to guarantee custom settings remain in place whether the programs are buggy or not.

apt / dpkg cannot be run during apt / dpkg. But let’s suppose such a hook was possible.

I don’t see how package re-installation would have helped here. The package ships files some files.

• /etc/thunderbird/pref/30_whonix.js
• /etc/thunderbird/pref/40_thunderbird.js
• /etc/thunderbird/profile/chrome/userChrome.css

These files do not conflict with the thunderbird packager or any other package. Meaning, nobody else is attempting to overwrite / modify with these files. These config snippets have been properly in place all the time. A package re-install would have had no effect whatsoever.

What did not happen: the thunderbird package overwriting any files dropped by anon-apps-config.

I guess Thunderbird refusing to interpret it’s own configs is an upstream bug that only they can fix.