File MozillaThunderbird.changes of Package MozillaThunderbird.40714
-------------------------------------------------------------------
Thu Sep 18 10:38:51 UTC 2025 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 140.3
  * fixed: Right-clicking 'List-ID' -> 'Unsubscribe' created
    double encoded draft subject (bmo#1975510)
  * fixed: Thunderbird could crash on startup (bmo#1980814)
  * fixed: Thunderbird could crash when importing mail
    (bmo#1970046)
  * fixed: Opening Website header link in RSS feed incorrectly
    re-encoded URL parameters (bmo#1971035)
  * fixed: Security fixes
  MFSA 2025-78 (bsc#1249391)
  * CVE-2025-10527 (bmo#1984825)
    Sandbox escape due to use-after-free in the Graphics:
    Canvas2D component
  * CVE-2025-10528 (bmo#1986185)
    Sandbox escape due to undefined behavior, invalid pointer in
    the Graphics: Canvas2D component
  * CVE-2025-10529 (bmo#1970490)
    Same-origin policy bypass in the Layout component
  * CVE-2025-10532 (bmo#1979502)
    Incorrect boundary conditions in the JavaScript: GC component
  * CVE-2025-10533 (bmo#1980788)
    Integer overflow in the SVG component
  * CVE-2025-10536 (bmo#1981502)
    Information disclosure in the Networking: Cache component
  * CVE-2025-10537 (bmo#1938220, bmo#1980730, bmo#1981280,
    bmo#1981283, bmo#1984505, bmo#1985067)
    Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird
    ESR 140.3, Firefox 143 and Thunderbird 143
-------------------------------------------------------------------
Wed Aug 20 11:25:22 UTC 2025 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 140.2
  * fixed: Users were unable to use Fastmail calendars due to
    missing OAuth settings (bmo#1978192)
  * fixed: Account setup error handling was broken for Account
    hub (bmo#1971303)
  * fixed: Menu bar was hidden after updating from 128esr to
    140esr (bmo#1979002)
  * fixed: Security fixes
  MFSA 2025-72 (bsc#1248162)
  * CVE-2025-9179 (bmo#1979527)
    Sandbox escape due to invalid pointer in the Audio/Video: GMP
    component
  * CVE-2025-9180 (bmo#1979782)
    Same-origin policy bypass in the Graphics: Canvas2D component
  * CVE-2025-9181 (bmo#1977130)
    Uninitialized memory in the JavaScript Engine component
  * CVE-2025-9182 (bmo#1975837)
    Denial-of-service due to out-of-memory in the Graphics:
    WebRender component
  * CVE-2025-9184 (bmo#1929482, bmo#1976376, bmo#1979163,
    bmo#1979955)
    Memory safety bugs fixed in Firefox ESR 140.2, Thunderbird
    ESR 140.2, Firefox 142 and Thunderbird 142
  * CVE-2025-9185 (bmo#1970154, bmo#1976782, bmo#1977166)
    Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR
    128.14, Thunderbird ESR 128.14, Firefox ESR 140.2,
    Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142
-------------------------------------------------------------------
Fri Aug  1 06:08:58 UTC 2025 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Add patch mozilla-kde-force-xdg-portal.patch to switch to using
  xdg-desktop-portal file-picker on KDE on SLE-15 (bsc#1226112)
-------------------------------------------------------------------
Mon Jul 28 08:30:33 UTC 2025 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 140.1
  * fixed: New folders were not added alphabetically if folders
    manually reordered beforehand (bmo#1973085)
  * fixed: Message archive folder creation could silently stop
    during async folder creation (bmo#1971248)
  * fixed: Security fixes
  MFSA 2025-63 (bsc#1246664)
  * CVE-2025-8027 (bmo#1968423)
    JavaScript engine only wrote partial return value to stack
  * CVE-2025-8028 (bmo#1971581)
    Large branch table could lead to truncated instruction
  * CVE-2025-8029 (bmo#1928021)
    javascript: URLs executed on object and embed tags
  * CVE-2025-8036 (bmo#1960834)
    DNS rebinding circumvents CORS
  * CVE-2025-8037 (bmo#1964767)
    Nameless cookies shadow secure cookies
  * CVE-2025-8030 (bmo#1968414)
    Potential user-assisted code execution in “Copy as cURL”
    command
  * CVE-2025-8031 (bmo#1971719)
    Incorrect URL stripping in CSP reports
  * CVE-2025-8032 (bmo#1974407)
    XSLT documents could bypass CSP
  * CVE-2025-8038 (bmo#1808979)
    CSP frame-src was not correctly enforced for paths
  * CVE-2025-8039 (bmo#1970997)
    Search terms persisted in URL bar
  * CVE-2025-8033 (bmo#1973990)
    Incorrect JavaScript state machine for generators
  * CVE-2025-8034 (bmo#1970422, bmo#1970422, bmo#1970422,
    bmo#1970422)
    Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR
    128.13, Thunderbird ESR 128.13, Firefox ESR 140.1,
    Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141
  * CVE-2025-8040 (bmo#1975058, bmo#1975058, bmo#1975998,
    bmo#1975998)
    Memory safety bugs fixed in Firefox ESR 140.1, Thunderbird
    ESR 140.1, Firefox 141 and Thunderbird 141
  * CVE-2025-8035 (bmo#1975961, bmo#1975961, bmo#1975961)
    Memory safety bugs fixed in Firefox ESR 128.13, Thunderbird
    ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox
    141 and Thunderbird 141
-------------------------------------------------------------------
Thu Jul 17 11:36:27 UTC 2025 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 140.0.1
  * fixed: What's New page for 140esr was not displayed
    (bmo#1976080)
  * fixed: Status bar showed previously detached attachment when
    hovering over a new one (bmo#1971603)
  * fixed: URLs for hovered links in status bar could be
    immediately overwritten (bmo#1947026)
  * fixed: NNTP message pane did not show network error page when
    network was lost (bmo#1971542)
  * fixed: Inserting a link into an HTML mail did not work as
    expected (bmo#1975621)
  * fixed: Autoconfig no longer handled 'No such host' errors
    correctly (bmo#1951827)
  * fixed: Thunderbird could crash on startup for POP3
    (bmo#1972546)
- Mozilla Thunderbird 140
  * new: Implemented enterprise policy to allow granular in-app
    notification control (bmo#1950887)
  * new: New mail alert now includes message disposition buttons
    (bmo#410338)
  * new: Added 'Mark as Read' and 'Delete' actions to mail
    notifications (bmo#1953662)
  * new: Added 'Mark as Spam' and 'Mark as Starred' actions to
    mail notifications (bmo#1953661)
  * new: Support dark reader for the message pane (bmo#1715361)
  * new: Messages are automatically adapted to dark mode with a
    quick toggle in the header (bmo#1942206)
  * new: Message filters are now available in the Folder Pane
    context menu (bmo#1845206)
  * new: Added horizontal threadpane scrolling
    `mail.threadpane.table.horizontal_scroll` (bmo#381821)
  * new: Implemented customizable row count for Cards View in
    'Appearance' settings (bmo#1865057)
  * new: Implemented ability to manually sort folders in the
    folder pane (bmo#1846550)
  * new: New "Appearance" Settings UI to globally control message
    threading/sorting order (bmo#1829737,bmo#1943724)
  * new: Added checkbox to select/unselect all calendars in the
    calendar setup wizard (bmo#1733959)
  * new: Account Hub enabled by default for second email setup
    (bmo#1968292)
  * new: Add-ons: Added support for specifying a cookieStoreId
    when creating a space (bmo#1913580)
  * new: Added Thunderbird-specific loading symbol (bmo#1905839)
  * changed: Removed obsolete preference
    `extensions.overlayloader.loglevel` (bmo#1901705)
  * changed: CardDAV address books and calendars now use the same
    OAuth2 code as mail (bmo#1927998)
  * changed: Display junk state and allow toggling it from top of
    message context menu (bmo#1923391)
  * changed: Subscribe/Unsubscribe buttons were removed from the
    IMAP subscribe dialog (bmo#1710319)
  * changed: Ignore unsupported subkeys/signatures when importing
    compliant OpenPGP keys (bmo#1884337)
  * changed: Some generic appearance settings were moved from
    General to Appearance section (bmo#1944986)
  * changed: Add-ons: browser.messages.listAttachments() now
    returns attachment headers (bmo#1937649)
  * changed: Set `calendar.alarms.showmissed` preference to false
    by default (bmo#1934069)
  * changed: Exporting a calendar to .ics did not include the
    calendar name (bmo#1901384)
  * fixed: Chrome URLs were opened in an external browser
    (bmo#1909585)
  * fixed: Race condition in folder compaction could cause
    unexpected behavior (bmo#1931863)
  * fixed: Crash could occur when shutting down during MAPI send
    (bmo#1944274)
  * fixed: Message preview truncation in notifications improved
    (bmo#1953692)
  * fixed: Thunderbird could crash when setting message compose
    headers (bmo#1803006)
  * fixed: Links in the OAuth authentication window did not open
    when clicked (bmo#1956988)
  * fixed: Mail window could stop functioning during and after
    folder compaction (bmo#1952311)
  * fixed: Error message for compacting a corrupted local folder
    was not useful (bmo#1941770)
  * fixed: Repair folder did not fix mbox files produced on MacOS
    before Thunderbird 1.0 (bmo#1942540)
  * fixed: Wrong day of week displayed for some emails
    (bmo#1796042)
  * fixed: Edit menu entries missing when group header selected
    in "Grouped by sort" view (bmo#1924977)
  * fixed: IMAP folder "Undelete" performed "Delete" when mixed
    messages were selected (bmo#393523)
  * fixed: View Message Source no longer worked for multiple
    selected messages (bmo#1962791)
  * fixed: Creating a new mail account from the menu bar in a
    message window failed (bmo#1964067)
  * fixed: Feed subscriptions were broken (bmo#1969932)
  * fixed: Feed body was not rendered when "Message Body As"
    formatting option selected (bmo#1906705,bmo#1906830)
  * fixed: Thunderbird could show incorrect 'From' and 'To'
    fields for mailing list emails (bmo#1900211)
  * fixed: `mail.compose.other.header` wrongly added fields to
    message preview pane headers (bmo#1802793)
  * fixed: Deleting or detaching attachments in a saved .eml file
    appeared to work but failed (bmo#1940528)
  * fixed: In RSS feeds, the space bar did not scroll the message
    like it did in emails (bmo#1830755)
  * fixed: Unchecking "Show all headers" in Message Header
    Settings closed dialog (bmo#1881788)
  * fixed: Some webpage links could be forced to open in
    Thunderbird (bmo#700979)
  * fixed: Right-click of message in cross-folder virtual folder
    wrongly selected it (bmo#1903910)
  * fixed: Messages deleted from a cross-folder search view could
    not be undeleted (bmo#1902597)
  * fixed: Cards view "replies" button remained styled without
    new messages in thread (bmo#1920747)
  * fixed: Subscribe window "Show items that contain" should not
    have been shown for IMAP (bmo#1630286)
  * fixed: POP3 inbox could show new mail with no subject, no
    sender, and date 1970-01-01 (bmo#1911477)
  * fixed: Folders at level 3+ were not auto-discovered when IMAP
    subscriptions were ignored (bmo#1902236)
  * fixed: New subfolder did not inherit parent view, sort order,
    sort type, or columns (bmo#1933529)
  * fixed: With "Fetch headers only" enabled, messages could not
    be sorted by size (bmo#1939852)
  * fixed: Selecting starred messages did not update immediately
    (bmo#1942348)
  * fixed: Marking a unified folder as favorite did not show it
    in favorite folders (bmo#537342)
  * fixed: Threaded search view was not updated correctly when
    sorted by date received (bmo#1257826)
  * fixed: Menu items to manage folders were not disabled in
    offline mode (bmo#1881087)
  * fixed: Ctrl or Shift selecting multiple messages reset when
    dragging across a message (bmo#1941171)
  * fixed: Folder was hidden from Favorite when subfolder was
    removed (bmo#1857315)
  * fixed: Folder tree message counts displayed incorrectly under
    certain conditions (bmo#1957878)
  * fixed: The UI could falsely report a message as encrypted
    when a null cipher was used (bmo#1943620)
  * fixed: Message security panel strings were used in the wrong
    places (bmo#1941457)
  * fixed: Importing an OpenPGP public key with whitespace failed
    (bmo#1941700)
  * fixed: Unable to open attached signed OpenPGP .eml message
    (bmo#1943021)
  * fixed: OpenPGP key was not updated when accepted key was
    reimported with new identities (bmo#1948831)
  * fixed: Dual signed (PGP and S/MIME) emails were not displayed
    (bmo#1878664)
  * fixed: "Secret Key ID" field did not sanitize input, causing
    draft encryption to fail (bmo#1670174)
  * fixed: Could not send signed/encrypted messages in some
    setups due to regression (bmo#1961106)
  * fixed: Quick Filter did not display loading symbol when
    search was in progress (bmo#1874419)
  * fixed: Search messages dialog list could not be sorted by
    clicking the header icon (bmo#1942751)
  * fixed: Repaired folders were not reindexed for search after
    repair (bmo#1348662)
  * fixed: Messages with multiple authors or no author were not
    indexed for global search (bmo#1831475)
  * fixed: Messages from authors without email address were not
    indexed for global search (bmo#1223951)
  * fixed: Shutdown could hang due to unterminated search
    execution (bmo#1934491)
  * fixed: Changing a saved draft's send identity did not prompt
    to save the modified message (bmo#1850192)
  * fixed: Thunderbird did not warn when replying to a 'noreply'
    address containing a '+' (bmo#1904005)
  * fixed: Invite attachments without a name were forwarded as
    'Attached Message Part' (bmo#1822978)
  * fixed: Creating a link from selected text did not work with
    advanced properties selected (bmo#1969767)
  * fixed: Spellcheck no longer highlighted misspelled words in
    the compose window (bmo#1971121,bmo#1974125)
  * fixed: Changing the UI font size did not apply to some
    dialogs (bmo#1916066)
  * fixed: Deleted Gmail messages stayed visible until
    compact/expunge, despite settings (bmo#399475)
  * fixed: Notification duration preference enabled when system
    notifications were enabled (bmo#1953322)
  * fixed: Chat settings tab remained visible when
    `mail.chat.enabled` was false (bmo#1671747)
  * fixed: macOS system notifications worked but email alerts
    could not be disabled separately (bmo#1964362)
  * fixed: Setting different archiving options for multiple
    identities did not work (bmo#1968381)
  * fixed: OAuth2 not shown in "Authentication method" menulist
    for existing Exchange account (bmo#1915208)
  * fixed: 'Please fill out this field' in account setup always
    appeared in English (bmo#1931693)
  * fixed: No gap existed between Back and Forward buttons in the
    Feed Account Wizard dialog (bmo#1947643)
  * fixed: Moving back in the calendar import dialog could break
    the Continue button (bmo#1967965)
  * fixed: Add-ons: Links in content pages with a target
    attribute loaded a blank page (bmo#1905616)
  * fixed: Add-ons: Context menu entries were incorrectly
    aligned. (bmo#1933970)
  * fixed: Add-ons: Optional permission prompts for WebExtensions
    displayed wrong permissions (bmo#1879689)
  * fixed: Double clicking a new contact icon added the contact
    to the address book twice (bmo#1938281)
  * fixed: Unable to auto-discover Address Book on Radicale
    server (bmo#1925006)
  * fixed: CardDAV synchronization to Zimbra server failed
    (bmo#1903549)
  * fixed: Mark-Of-The-Web was not applied to attachments saved
    via drag and drop (bmo#1805986)
  * fixed: System search toggle did not properly reflect and
    control integration state (bmo#553048)
  * fixed: Some messages could not be scrolled due to hidden
    overflows in inline styles (bmo#1951248)
  * fixed: Keyboard navigation was not possible when first header
    button was disabled (bmo#1953483)
  * fixed: Thunderbird could crash when renaming a local folder
    while copying from IMAP (bmo#1581079)
  * fixed: Some functionality was missing for newsgroup messages
    opened from a file or URI (bmo#11076)
  * fixed: Message and folder lists could display incorrect line
    spacing after restart (bmo#1947554)
  * fixed: Automatic compact did not attempt to compact all
    folders when error encountered (bmo#1903174)
  * fixed: APOP authenication for POP3 did not prompt for
    corrected password (bmo#1928803)
  * fixed: POP3 'fetch headers only' and 'get selected messages'
    could skip some messages (bmo#1937069)
  * fixed: Thunderbird logged network errors in console when used
    in offline mode (bmo#1802300)
  * fixed: Slow performance when moving bulk messages from IMAP
    to local (bmo#1945062)
  * fixed: Crossposting news article was not possible if
    newsgroups on different servers (bmo#230899)
  * fixed: Cancelling a post to a news server could fail and
    remove the article (bmo#250216)
  * fixed: Thunderbird could crash in NNTP subscription dialog
    (bmo#1961659)
  * fixed: Newsgroup searches with slashes were not supported
    with XPAT-enabled servers (bmo#530193)
  * fixed: Offline newsgroup use lacked functionality needed for
    effective offline access (bmo#288120)
  * fixed: Thunderbird could show a misleading error message on
    IMAP login failure (bmo#803994)
  * fixed: Modal alerts shown for expired articles when
    downloading news for offline use (bmo#805095)
  * fixed: Status bar message did not include newsgroup name
    along with the account name (bmo#946643)
  * fixed: Reconnecting to an NNTP server was potentially not
    possible (bmo#1929948)
  * fixed: Nickserv messages appeared during successful
    authentication (bmo#1951485)
  * fixed: Thunderbird Flatpak install did not use a branded
    symbolic icon (bmo#1914381)
  * fixed: Unable to view full certificate chain from the "View
    Signature" button (bmo#1716998)
  * fixed: Organizer email address for CalDAV calendar events
    could be incorrect (bmo#1587736)
  * fixed: Changing `calendar.week.start` preference did not
    update calendar views (bmo#1918010)
  * fixed: Clicking a `mid:` link in Calendar opened two copies
    of the message (bmo#1955840)
  * fixed: Clicking a 'mid:' link in event created from message
    did not work (bmo#1970916)
  * fixed: Thunderbird calendar failed to show attendee as busy
    when added to an event (bmo#1931475)
  * fixed: Some calendar requests were blocked due to opaque
    response blocking (bmo#1920710)
  * fixed: Visual and UX improvements (bmo#1935652,bmo#1941139,bm
    o#1949828,bmo#1952481,bmo#1955860,bmo#1968444)
  * fixed: Security fixes
  MFSA 2025-54 (bsc#1244670)
  * CVE-2025-6424 (bmo#1966423)
    Use-after-free in FontFaceSet
  * CVE-2025-6425 (bmo#1717672)
    The WebCompat WebExtension shipped exposed a persistent UUID
  * CVE-2025-6426 (bmo#1964385)
    No warning when opening executable terminal files on macOS
  * CVE-2025-6427 (bmo#1966927)
    connect-src Content Security Policy restriction could be
    bypassed
  * CVE-2025-6429 (bmo#1970658)
    Incorrect parsing of URLs could have allowed embedding of
    youtube.com
  * CVE-2025-6430 (bmo#1971140)
    Content-Disposition header ignored when a file is included in
    an embed or object tag
  * CVE-2025-6432 (bmo#1943804)
    DNS Requests leaked outside of a configured SOCKS proxy
  * CVE-2025-6433 (bmo#1954033)
    WebAuthn would allow a user to sign a challenge on a webpage
    with an invalid TLS certificate
  * CVE-2025-6434 (bmo#1955182)
    HTTPS-Only exception screen lacked anti-clickjacking delay
  * CVE-2025-6435 (bmo#1950056, bmo#1961777)
    Save as in Devtools could download files without sanitizing
    the extension
  * CVE-2025-6436 (bmo#1941377, bmo#1960948, bmo#1966187,
    bmo#1966505, bmo#1970764)
    Memory safety bugs fixed in Firefox 140 and Thunderbird 140
- Added mozilla-bmo1746799.patch
- Removed mozilla-kde.patch
-------------------------------------------------------------------
Wed Jul  9 11:13:54 UTC 2025 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 128.12
  * fixed: Security fixes
  MFSA 2025-55 (bsc#1244670)
  * CVE-2025-6424 (bmo#1966423)
    Use-after-free in FontFaceSet
  * CVE-2025-6425 (bmo#1717672)
    The WebCompat WebExtension shipped exposed a persistent UUID
  * CVE-2025-6426 (bmo#1964385)
    No warning when opening executable terminal files on macOS
  * CVE-2025-6429 (bmo#1970658)
    Incorrect parsing of URLs could have allowed embedding of
    youtube.com
  * CVE-2025-6430 (bmo#1971140)
    Content-Disposition header ignored when a file is included in
    an embed or object tag
-------------------------------------------------------------------
Wed Jun 11 14:52:54 UTC 2025 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 128.11.1
  * fixed: Security fixes
  MFSA 2025-49 (bsc#1244468)
  * CVE-2025-5986 (bmo#1958580, bmo#1968012)
    Unsolicited File Download, Disk Space Exhaustion, and
    Credential Leakage via mailbox:/// Links
-------------------------------------------------------------------
Mon Jun  2 07:44:42 UTC 2025 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 128.11
  * fixed: Thunderbird could crash if message copying to Sent
    folder was interrupted (bmo#1965304)
  * fixed: Security fixes
  MFSA 2025-46 (bsc#1243353)
  * CVE-2025-5262 (bmo#1962421)
    Double-free in libvpx encoder
  * CVE-2025-5263 (bmo#1960745)
    Error handling for script execution was incorrectly isolated
    from web content
  * CVE-2025-5264 (bmo#1950001)
    Potential local code execution in “Copy as cURL” command
  * CVE-2025-5265 (bmo#1962301)
    Potential local code execution in “Copy as cURL” command
  * CVE-2025-5266 (bmo#1965628)
    Script element events leaked cross-origin resource status
  * CVE-2025-5267 (bmo#1954137)
    Clickjacking vulnerability could have led to leaking saved
    payment card details
  * CVE-2025-5268 (bmo#1950136, bmo#1958121, bmo#1960499,
    bmo#1962634)
    Memory safety bugs fixed in Firefox 139, Thunderbird 139,
    Firefox ESR 128.11, and Thunderbird 128.11
  * CVE-2025-5269 (bmo#1924108)
    Memory safety bug fixed in Firefox ESR 128.11 and Thunderbird
    128.11
-------------------------------------------------------------------
Wed May 21 11:28:44 UTC 2025 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 128.10.2
  * fixed: Messages could not be viewed if the profile used a UNC
    path (bmo#1966256)
  * fixed: Visual and UX improvements (bmo#1964156)
  * fixed: Security fixes
  MFSA 2025-40 (bsc#1243303)
  * CVE-2025-4918 (bmo#1966612)
    Out-of-bounds access when resolving Promise objects
  * CVE-2025-4919 (bmo#1966614)
    Out-of-bounds access when optimizing linear sums
-------------------------------------------------------------------
Thu May 15 09:08:24 UTC 2025 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 128.10.1
  * fixed: Standalone message windows/tabs no longer responded
    after folder compaction (bmo#1960349)
  * fixed: Thunderbird could crash when importing Outlook
    messages (bmo#1851297)
  * fixed: Visual and UX improvements (bmo#1960861)
  * fixed: Security fixes
  MFSA 2025-34 (bsc#1243216)
  * CVE-2025-3875 (bmo#1950629)
    Sender Spoofing via Malformed From Header in Thunderbird
  * CVE-2025-3877 (bmo#1958580)
    Unsolicited File Download, Disk Space Exhaustion, and
    Credential Leakage via mailbox:/// Links
  * CVE-2025-3909 (bmo#1958376)
    JavaScript Execution via Spoofed PDF Attachment and file:///
    Link
  * CVE-2025-3932 (bmo#1960412)
    Tracking Links in Attachments Bypassed Remote Content
    Blocking
-------------------------------------------------------------------
Wed Apr 30 07:19:01 UTC 2025 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird ESR 128.10
  * changed: Changed color override defaults with high contrast
    mode on macOS and Linux (bmo#1940220)
  * fixed: Using `Delete` column in "Search Messages..." window
    could delete other messages (bmo#1951680)
  * fixed: Security fixes
  MFSA 2025-29 (bsc#1241621)
  * CVE-2025-2817 (bmo#1917536)
    Privilege escalation in Thunderbird Updater
  * CVE-2025-4082 (bmo#1937097)
    WebGL shader attribute memory corruption in Thunderbird for
    macOS
  * CVE-2025-4083 (bmo#1958350)
    Process isolation bypass using "javascript:" URI links in
    cross-origin frames
  * CVE-2025-4084 (bmo#1949994, bmo#1956698, bmo#1960198)
    Potential local code execution in "copy as cURL" command
  * CVE-2025-4087 (bmo#1952465)
    Unsafe attribute access during XPath parsing
  * CVE-2025-4091 (bmo#1951161, bmo#1952105)
    Memory safety bugs fixed in Firefox 138, Thunderbird 138,
    Firefox ESR 128.10, and Thunderbird 128.10
  * CVE-2025-4093 (bmo#1894100)
    Memory safety bug fixed in Firefox ESR 128.10 and Thunderbird
    128.10
- Update signing key
-------------------------------------------------------------------
Wed Apr 16 10:50:05 UTC 2025 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 128.9.2
  * fixed: Two-factor auth via text or email did not work with
    Office 365 using Oauth2. (bmo#1907115)
  * fixed: IRC channel was not visible after restart.
    (bmo#1941386)
  * fixed: Global indexing failed when processing email with
    invalid calendar data (bmo#1916063)
  * fixed: Security fixes
  MFSA 2025-27 (bsc#1241277)
  * CVE-2025-3522 (bmo#1955372)
    Leak of hashed Window credentials via crafted attachment URL
  * CVE-2025-2830 (bmo#1956379)
    Information Disclosure of /tmp directory listing
  * CVE-2025-3523 (bmo#1958385)
    User Interface (UI) Misrepresentation of attachment URL
- Mozilla Thunderbird 128.9.1
  * fixed: Added delay to built-in notifications when new profile
    is created in offline mode (bmo#1957923)
-------------------------------------------------------------------
Wed Apr  2 06:06:55 UTC 2025 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird ESR 128.9
  * new: Thunderbird now has a notification system for real-time
    desktop alerts (bmo#1936307)
  * fixed: Data corruption occurred when compacting IMAP Drafts
    folder after saving a message (bmo#1909111)
  * fixed: Right-clicking "Decrypt and Save As..." on an
    attachment file failed. (bmo#1952823)
  * fixed: Thunderbird could crash when importing mail
    (bmo#1953574,bmo#1953576)
  * fixed: Sort indicators were missing on the calendar events
    list. (bmo#1914085)
  * fixed: Security fixes
  MFSA 2025-24 (bsc#1240083)
  * CVE-2025-3028 (bmo#1941002)
    Use-after-free triggered by XSLTProcessor
  * CVE-2025-3029 (bmo#1952213)
    URL Bar Spoofing via non-BMP Unicode characters
  * CVE-2025-3030 (bmo#1850615, bmo#1932468, bmo#1942551,
    bmo#1951017, bmo#1951494)
    Memory safety bugs fixed in Firefox 137, Thunderbird 137,
    Firefox ESR 128.9, and Thunderbird 128.9
-------------------------------------------------------------------
Wed Mar 19 10:22:37 UTC 2025 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 128.8.1
  * fixed: PGP/MIME signed message with a missing signature did
    not display (bmo#1948274)
  * fixed: Some emails forwarded as attachments used the wrong
    MIME type (bmo#1839010)
-------------------------------------------------------------------
Thu Mar  6 08:30:16 UTC 2025 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 128.8
  * fixed: Opening an .EML file in profiles with many folders
    could take a long time. (bmo#1948678)
  * fixed: Users with many folders experienced poor performance
    when resizing message panes. (bmo#1860094)
  * fixed: "Replace" button in compose window was overwritten
    when the window was narrow. (bmo#1948427)
  * fixed: Export to mobile did not work when "Use default
    server" was selected. (bmo#1930728)
  * fixed: "Save Link As" was not working in feed web content.
    (bmo#1948532)
  * fixed: Security fixes
  MFSA 2025-18 (bsc#1237683)
  * CVE-2024-43097 (bmo#1945624)
    Overflow when growing an SkRegion's RunArray
  * CVE-2025-1930 (bmo#1902309)
    AudioIPC StreamData could trigger a use-after-free in the
    Browser process
  * CVE-2025-1931 (bmo#1944126)
    Use-after-free in WebTransportChild
  * CVE-2025-1932 (bmo#1944313)
    Inconsistent comparator in XSLT sorting led to out-of-bounds
    access
  * CVE-2025-1933 (bmo#1946004)
    JIT corruption of WASM i32 return values on 64-bit CPUs
  * CVE-2025-1934 (bmo#1942881)
    Unexpected GC during RegExp bailout processing
  * CVE-2025-1935 (bmo#1866661)
    Clickjacking the registerProtocolHandler info-bar
  * CVE-2025-1936 (bmo#1940027)
    Adding %00 and a fake extension to a jar: URL  changed the
    interpretation of the contents
  * CVE-2025-1937 (bmo#1938471, bmo#1940716)
    Memory safety bugs fixed in Firefox 136, Thunderbird 136,
    Firefox ESR 115.21, Firefox ESR 128.8, and Thunderbird 128.8
  * CVE-2025-1938 (bmo#1922889, bmo#1935004, bmo#1943586,
    bmo#1943912, bmo#1948111)
    Memory safety bugs fixed in Firefox 136, Thunderbird 136,
    Firefox ESR 128.8, and Thunderbird 128.8
-------------------------------------------------------------------
Wed Feb 19 10:33:04 UTC 2025 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 128.7.1
  * fixed: Users may not have been notified if messages arrived
    in multiple folders at once. (bmo#1941911)
  * fixed: Message list scrolled to the wrong place on start-up.
    (bmo#1917465)
  * fixed: Unified folders could become unusable instead of being
    automatically rebuilt. (bmo#1927048)
  * fixed: Some messages may have been threaded incorrectly in
    unified folders. (bmo#1939725)
  * fixed: Middle-click autoscroll cursor appeared without arrows
    instead of expected design. (bmo#1946189)
-------------------------------------------------------------------
Wed Feb  5 08:22:04 UTC 2025 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 128.7
  * fixed: Images inside links could zoom when clicked instead of
    opening the link (bmo#1917278)
  * fixed: Compacting an empty folder failed with write error
    (bmo#1935124)
  * fixed: Compacting of IMAP folder with corrupted local storage
    failed with write error (bmo#1935331)
  * fixed: After restart, all restored tabs with opened PDFs
    showed the same attachment (bmo#1858157)
  * fixed: Exceptions during CalDAV item processing would halt
    subsequent item handling (bmo#1940193)
  * fixed: Context menu was unable to move email address to a
    different field (bmo#1857469)
  * fixed: Security fixes
  MFSA 2025-10 (bsc#1236539)
  * CVE-2025-1009 (bmo#1936613)
    Use-after-free in XSLT
  * CVE-2025-1010 (bmo#1936982)
    Use-after-free in Custom Highlight
  * CVE-2025-1011 (bmo#1936454)
    A bug in WebAssembly code generation could result in a crash
  * CVE-2025-1012 (bmo#1939710)
    Use-after-free during concurrent delazification
  * CVE-2024-11704 (bmo#1899402)
    Potential double-free vulnerability in PKCS#7 decryption
    handling
  * CVE-2025-1013 (bmo#1932555)
    Potential opening of private browsing tabs in normal browsing
    windows
  * CVE-2025-1014 (bmo#1940804)
    Certificate length was not properly checked
  * CVE-2025-1015 (bmo#1939458)
    Unsanitized address book fields
  * CVE-2025-0510 (bmo#1940570)
    Address of e-mail sender can be spoofed by malicious email
  * CVE-2025-1016 (bmo#1936601, bmo#1936844, bmo#1937694,
    bmo#1938469, bmo#1939583, bmo#1940994)
    Memory safety bugs fixed in Firefox 135, Thunderbird 135,
    Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 115.20,
    and Thunderbird 128.7
  * CVE-2025-1017 (bmo#1926256, bmo#1935471, bmo#1935984)
    Memory safety bugs fixed in Firefox 135, Thunderbird 135,
    Firefox ESR 128.7, and Thunderbird 128.7
-------------------------------------------------------------------
Tue Jan 28 12:12:39 UTC 2025 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird ESR 128.6.1
  * fixed: Link at about:rights pointed to Firefox privacy policy
    instead of Thunderbird's (bmo#1941998)
  * fixed: POP3 'fetch headers only' and 'get selected messages'
    could delete messages (bmo#1930847)
  * fixed: 'Search Online' checkbox in saved search properties
    was incorrectly disabled (bmo#1937642)
  * fixed: POP3 status message showed incorrect download count
    when messages were deleted (bmo#1935800)
  * fixed: Space bar did not always advance to the next unread
    message (bmo#1468925)
  * fixed: Folder creation or renaming failed due to incorrect
    preference settings (bmo#1911225)
  * fixed: Forwarding/editing S/MIME drafts/templates unusable
    due to regression (bmo#1940605, bsc#1236411)
  * fixed: Sort order in 'Search Messages' panel reset after
    search or on first launch (bmo#1935073)
  * fixed: Reply window added an unnecessary third blank line at
    the top (bmo#1935938)
  * fixed: Thunderbird spell check box did not allow ENTER to
    accept suggested changes (bmo#1935401)
  * fixed: Long email subject lines could overlap window control
    buttons on macOS (bmo#1940201)
  * fixed: Flathub manifest link was not correct (bmo#1907695)
  * fixed: 'Prefer client-side email scheduling' needed to be
    selected twice (bmo#1862400)
  * fixed: Duplicate invitations were sent if CALDAV calendar
    email case did not match (bmo#1889607)
  * fixed: Visual and UX improvements
    (bmo#1875325,bmo#1901846,bmo#1939603,bmo#1855276)
-------------------------------------------------------------------
Thu Jan  9 07:23:03 UTC 2025 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird ESR 128.6
  * fixed: New mail notification was not hidden after reading the
    new message (bmo#1920077)
  * fixed: New mail notification could show for the wrong folder,
    causing repeated alerts (bmo#1926462)
  * fixed: macOS shortcut CMD+1 did not restore the main window
    when it was minimized (bmo#1857953)
  * fixed: Clicking the context menu "Reply" button resulted in
    "Reply-All" (bmo#1935883)
  * fixed: Switching from "All", "Unread", and "Threads with
    unread" did not work (bmo#1921618)
  * fixed: Downloading message headers from a newsgroup could
    cause a hang (bmo#1931661)
  * fixed: Message list performance slow when many updates
    happened at once (bmo#1933104)
  * fixed: "mailto:" links did not apply the compose format of
    the current identity (bmo#550414)
  * fixed: Authentication failure of AUTH PLAIN or AUTH LOGIN did
    not fall back to USERPASS (bmo#1928026)
  * fixed: Security fixes
  MFSA 2025-05 (bsc#1234991)
  * CVE-2025-0237 (bmo#1915257)
    WebChannel APIs susceptible to confused deputy attack
  * CVE-2025-0238 (bmo#1915535)
    Use-after-free when breaking lines in text
  * CVE-2025-0239 (bmo#1929156)
    Alt-Svc ALPN validation failure when redirected
  * CVE-2025-0240 (bmo#1929623)
    Compartment mismatch when parsing JavaScript JSON module
  * CVE-2025-0241 (bmo#1933023)
    Memory corruption when using JavaScript Text Segmentation
  * CVE-2025-0242 (bmo#1874523, bmo#1926454, bmo#1931873,
    bmo#1932169)
    Memory safety bugs fixed in Firefox 134, Thunderbird 134,
    Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19,
    and Thunderbird 128.6
  * CVE-2025-0243 (bmo#1827142, bmo#1932783)
    Memory safety bugs fixed in Firefox 134, Thunderbird 134,
    Firefox ESR 128.6, and Thunderbird 128.6
-------------------------------------------------------------------
Thu Dec 12 08:16:28 UTC 2024 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 128.5.2
  * fixed: Large virtual folders could be very slow (bmo#1830145)
  * fixed: Message could disappear after moving from IMAP folder
    followed by Undo and Redo (bmo#1898706)
  * fixed: XMPP chat did not display messages sent inside a CDATA
    element (bmo#1929011)
  * fixed: Selected calendar day did not move forward at midnight
    (bmo#1757341)
  * fixed: Today pane agenda sometimes scrolled for no apparent
    reason (bmo#1930588)
  * fixed: CalDAV calendars without offline support could degrade
    start-up performance (bmo#1933099)
  * fixed: Visual and UX improvements (bmo#1913807,bmo#1930589)
  * fixed: Security fixes
  MFSA 2024-69 (bsc#1234413)
  * CVE-2024-50336 (bmo#1929264)
    matrix-js-sdk has insufficient MXC URI validation which could
    allow client-side path traversal
-------------------------------------------------------------------
Tue Dec  3 11:40:13 UTC 2024 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 128.5.1
  * new: Add end of year donation appeal (bmo#1925389)
  * fixed: Total message count for favorite folders did not work
    consistently (bmo#1924356)
- Tweak appdata-naming
-------------------------------------------------------------------
Wed Nov 27 11:37:27 UTC 2024 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 128.5
  * fixed: IMAP could crash when reading cached messages
    (bmo#1931508)
  * fixed: Enabling "Show Folder Size" on Maildir profile could
    render Thunderbird unusable (bmo#1926279)
  * fixed: Messages corrupted by folder compaction were only
    fixed by user intervention (bmo#1929105)
  * fixed: Reading a message from past the end of an mbox file
    did not cause an error (bmo#1931258)
  * fixed: View -> Folders had duplicate F access keys
    (bmo#1929925)
  * fixed: Add-ons adding columns to the message list could fail
    and cause display issue (bmo#1909621)
  * fixed: "Empty trash on exit" and "Expunge inbox on exit" did
    not always work (bmo#1896545)
  * fixed: Selecting a display option in View -> Tasks did not
    apply in the Task interface (bmo#1927760)
  * fixed: Security fixes
  MFSA 2024-68 (bsc#1233695)
  * CVE-2024-11691 (bmo#1914707, bmo#1924184)
    Out-of-bounds write in Apple GPU drivers via WebGL
  * CVE-2024-11692 (bmo#1909535)
    Select list elements could be shown over another site
  * CVE-2024-11693 (bmo#1921458)
    Download Protections were bypassed by .library-ms files on
    Windows
  * CVE-2024-11694 (bmo#1924167)
    CSP Bypass and XSS Exposure via Web Compatibility Shims
  * CVE-2024-11695 (bmo#1925496)
    URL Bar Spoofing via Manipulated Punycode and Whitespace
    Characters
  * CVE-2024-11696 (bmo#1929600)
    Unhandled Exception in Add-on Signature Verification
  * CVE-2024-11697 (bmo#1842187)
    Improper Keypress Handling in Executable File Confirmation
    Dialog
  * CVE-2024-11698 (bmo#1916152)
    Fullscreen Lock-Up When Modal Dialog Interrupts Transition on
    macOS
  * CVE-2024-11699 (bmo#1880582, bmo#1929911)
    Memory safety bugs fixed in Firefox 133, Thunderbird 133,
    Firefox ESR 128.5, and Thunderbird 128.5
- Handle upstream changes with esr-prefix of desktop-file (boo#1233650)
-------------------------------------------------------------------
Thu Nov 14 13:30:13 UTC 2024 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 128.4.3
  * fixed: Folder corruption could cause Thunderbird to freeze
    and become unusable (bmo#1924291)
  * fixed: Message corruption could be propagated when reading
    mbox (bmo#1926810)
  * fixed: Folder compaction was not abandoned on shutdown
    (bmo#1924918)
  * fixed: Folder compaction did not clean up on failure
    (bmo#1923526)
  * fixed: Collapsed NNTP thread incorrectly indicated there were
    unread messages (bmo#520582)
  * fixed: Navigating to next unread message did not wait for all
    messages to be loaded (bmo#1842419)
  * fixed: Applying column view to folder and children could
    break if folder error occurred (bmo#1872595)
  * fixed: Remote content notifications were broken with
    encrypted messages (bmo#1924058)
  * fixed: Updating criteria of a saved search resulted in poor
    search performance (bmo#1923585)
  * fixed: Drop-downs may not work in some places (bmo#1928252)
  * fixed: Security fixes
  MFSA 2024-61 (bsc#1233355)
  * CVE-2024-11159 (bmo#1925929)
    Potential disclosure of plaintext in OpenPGP encrypted
    message
- Mozilla Thunderbird 128.4.2
  * changed: Increased the auto-compaction threshold to reduce
    frequency of compaction (bmo#1927656)
  * fixed: New profile creation caused console errors
    (bmo#1912675)
  * fixed: Repair folder could result in older messages showing
    wrong date and time (bmo#1911916)
  * fixed: Recently deleted messages could become undeleted if
    message compaction failed (bmo#1924927)
  * fixed: Visual and UX improvements
    (bmo#1857413,bmo#1922934,bmo#1924437)
  * fixed: Clicking on an HTML button could cause Thunderbird to
    freeze (bmo#1879355)
  * fixed: Messages could not be selected for dragging
    (bmo#1887518)
  * fixed: Could not open attached file in a MIME encrypted
    message (bmo#1924637)
  * fixed: Account creation "Setup Documentation" link was broken
    (bmo#1925493)
  * fixed: Unable to generate QR codes when exporting to mobile
    in some cases (bmo#1928114)
  * fixed: Operating system reauthentication was missing when
    exporting QR codes for mobile (bmo#1928232)
  * fixed: Could not drag all-day events from one day to another
    in week view (bmo#1922944)
- Mozilla Thunderbird 128.4.1
  * new: Add the 20 year donation appeal (bmo#192538)
- Mozilla Thunderbird 128.4
  * new: Export Thunderbird account settings to Thunderbird
    Mobile via QRCode (bmo#1926036)
  * fixed: Unable to send an unencrypted response to an OpenPGP
    encrypted message (bmo#1911080)
  * fixed: Thunderbird update did not update language pack
    version until another restart (bmo#1911887)
  * fixed: Security fixes
  MFSA 2024-58 (bsc#1231879)
  * CVE-2024-10458 (bmo#1921733)
    Permission leak via embed or object elements
  * CVE-2024-10459 (bmo#1919087)
    Use-after-free in layout with accessibility
  * CVE-2024-10460 (bmo#1912537)
    Confusing display of origin for external protocol handler
    prompt
  * CVE-2024-10461 (bmo#1914521)
    XSS due to Content-Disposition being ignored in
    multipart/x-mixed-replace response
  * CVE-2024-10462 (bmo#1920423)
    Origin of permission prompt could be spoofed by long URL
  * CVE-2024-10463 (bmo#1920800)
    Cross origin video frame leak
  * CVE-2024-10464 (bmo#1913000)
    History interface could have been used to cause a Denial of
    Service condition in the browser
  * CVE-2024-10465 (bmo#1918853)
    Clipboard "paste" button persisted across tabs
  * CVE-2024-10466 (bmo#1924154)
    DOM push subscription message could hang Firefox
  * CVE-2024-10467 (bmo#1829029, bmo#1888538, bmo#1900394,
    bmo#1904059, bmo#1917742, bmo#1919809, bmo#1923706)
    Memory safety bugs fixed in Firefox 132, Thunderbird 132,
    Firefox ESR 128.4, and Thunderbird 128.4
-------------------------------------------------------------------
Fri Oct 11 06:50:53 UTC 2024 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 128.3.1
  * fixed: Security fixes
  MFSA 2024-52 (bsc#1231413)
  * CVE-2024-9680 (bmo#1923344)
    Use-after-free in Animation timeline
- Remove upstreamed patch mozilla-bmo1923344.patch
- Delete empty, unused mime-directory
-------------------------------------------------------------------
Wed Oct  9 08:48:04 UTC 2024 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Add patch mozilla-bmo1923344.patch to fix bsc#1231413 
-------------------------------------------------------------------
Mon Oct  7 14:02:46 UTC 2024 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 128.3
  * fixed: Opening an EML file with a 'mailto:' link did not work
    (bmo#1914887)
  * fixed: Collapsed POP3 account folder was expanded after
    emptying trash on exit (bmo#1897412)
  * fixed: "Mark Folder Read" on a cross-folder search marked all
    underlying folders read (bmo#1909617)
  * fixed: Unable to open/view attached OpenPGP encrypted
    messages (bmo#1837247)
  * fixed: Unable to "Decrypt and Open" an attached OpenPGP key
    file (bmo#1917577)
  * fixed: Subject could disappear when replying to a message
    saved in an EML file (bmo#1910477)
  * fixed: OAuth2 authentication method was not available when
    adding SMTP server (bmo#1917472)
  * fixed: Unable to subscribe to .ics calendars in some
    situations (bmo#1906077)
  * fixed: Visual and UX improvements (bmo#1917787,bmo#1912733)
  * fixed: Security fixes
  MFSA 2024-49 (bsc#1230979)
  * CVE-2024-9392 (bmo#1899154, bmo#1905843)
    Compromised content process can bypass site isolation
  * CVE-2024-9393 (bmo#1918301)
    Cross-origin access to PDF contents through multipart
    responses
  * CVE-2024-9394 (bmo#1918874)
    Cross-origin access to JSON contents through multipart
    responses
  * CVE-2024-8900 (bmo#1872841)
    Clipboard write permission bypass
  * CVE-2024-9396 (bmo#1912471)
    Potential memory corruption may occur when cloning certain
    objects
  * CVE-2024-9397 (bmo#1916659)
    Potential directory upload bypass via clickjacking
  * CVE-2024-9398 (bmo#1881037)
    External protocol handlers could be enumerated via popups
  * CVE-2024-9399 (bmo#1907726)
    Specially crafted WebTransport requests could lead to denial
    of service
  * CVE-2024-9400 (bmo#1915249)
    Potential memory corruption during JIT compilation
  * CVE-2024-9401 (bmo#1872744, bmo#1897792, bmo#1911317,
    bmo#1916476)
    Memory safety bugs fixed in Firefox 131, Firefox ESR 115.16,
    Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3
  * CVE-2024-9402 (bmo#1872744, bmo#1897792, bmo#1911317,
    bmo#1913445, bmo#1914106, bmo#1914475, bmo#1914963,
    bmo#1915008, bmo#1916476)
    Memory safety bugs fixed in Firefox 131, Firefox ESR 128.3,
    Thunderbird 131, and Thunderbird 128.3
-------------------------------------------------------------------
Wed Sep 25 13:20:28 UTC 2024 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 128.2.3
  * fixed: Reverted OAuth2 changes from 128.2.2esr due to
    authentication timeout after upgrade (bmo#1919695)
- Mozilla Thunderbird 128.2.2
  * new: Account setup is updated to support OAuth2 granular
    permissions (bmo#1909789)
  * fixed: Thunderbird could crash when using return receipt with
    OWL add-on (bmo#1917218)
  * fixed: Folder pane display was blank due to invalid mail
    server hostname (bmo#1911951)
  * fixed: Some users were unable to log in to Microsoft 365
    (bmo#1908866)
  * fixed: Matrix end-to-end encryption tab in account settings
    could be shown for XMPP account (bmo#1915199)
  * fixed: Participant and message were not populated when user
    left the room using XMPP (bmo#1914633)
  * fixed: Visual and UX improvements
    (bmo#1910474,bmo#1913329,bmo#1913741,bmo#1915826,bmo#1916089)
- Mozilla Thunderbird 128.2.1
  * fixed: Message window froze after clicking 'mailto:' link
    containing child elements (bmo#1914250)
  * fixed: "Grouped By Sort" state was not preserved for unified
    and virtual folders (bmo#1905912)
  * fixed: Repairing local folders caused messages in folder to
    temporarily disappear (bmo#1910168)
  * fixed: Repairing an IMAP folder resulted in incorrect total
    and unread message counts (bmo#1913224)
  * fixed: Quick Filter reset sort type in threaded views sorted
    by "Order Received" ascending (bmo#1774455)
  * fixed: Display names for SMTP servers could be incorrectly
    formatted as a date (bmo#1902742)
  * fixed: Importing profiles from SeaMonkey did not work in
    certain circumstances (bmo#1825995)
  * fixed: Calendar events filter no longer allowed searching
    past or all events (bmo#1855900)
  * fixed: Calendar updates were not added to cache when
    Thunderbird was offline (bmo#1908530)
  * fixed: Visual and UX improvements (bmo#1691301,bmo#1911603,bm
    o#1911775,bmo#1912655,bmo#1913251,bmo#1913889,bmo#1914751)
- Mozilla Thunderbird 128.2
  * fixed: Performance could be degraded when sorting with Quick
    Filter or Grouped By Sort (bmo#1908761)
  * fixed: "Mark All Read" on Quick Filter results marked all
    emails in folder as read (bmo#1894214)
  * fixed: "latest" download bouncer aliases were not available
    for 128 releases prior to 128.2.0esr (bmo#1907317)
  * fixed: Security fixes
  MFSA 2024-43 (bsc#1229821)
  * CVE-2024-8394 (bmo#1895737)
    Crash when aborting verification of OTR chat
  * CVE-2024-8385 (bmo#1911909)
    WASM type confusion involving ArrayTypes
  * CVE-2024-8381 (bmo#1912715)
    Type confusion when looking up a property name in a "with"
    block
  * CVE-2024-8382 (bmo#1906744)
    Internal event interfaces were exposed to web content when
    browser EventHandler listener callbacks ran
  * CVE-2024-8384 (bmo#1911288)
    Garbage collection could mis-color cross-compartment objects
    in OOM conditions
  * CVE-2024-8386 (bmo#1907032, bmo#1909163, bmo#1909529)
    SelectElements could be shown over another site if popups are
    allowed
  * CVE-2024-8387 (bmo#1857607, bmo#1911858, bmo#1914009)
    Memory safety bugs fixed in Firefox 130, Firefox ESR 128.2,
    and Thunderbird 128.2
- Removed upstreamed patches mozilla-bmo1907511.patch mozilla-bmo1898476.patch
-------------------------------------------------------------------
Fri Aug 30 08:49:33 UTC 2024 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 128.1.1
  * fixed: Compaction of folders greater than 4GB were truncated
    to 4GB on 32-bit installations of Thunderbird 128esr
    (bmo#1911076)
  * fixed: Some UTF-8 characters were corrupted when using
    OpenPGP signing with OpenPGP encryption (bmo#1911227)
  * fixed: Visual and UX improvements
    (bmo#1846509,bmo#1911219,bmo#1911629) 
-------------------------------------------------------------------
Tue Aug 20 12:28:40 UTC 2024 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 128.1
  * fixed: Could not add override for a certificate with the
    wrong hostname (bmo#1903135)
  * fixed: Auto-detection of CalDAV calendars and CardDAV address
    books failed in certain scenarios (bmo#1583053)
  * fixed: Potential memory leak in local folder repair
    (bmo#1906835)
  * fixed: Selecting messages and then switching to a new folder
    with no selected messages did not clear selected messages
    count (bmo#1905542)
  * fixed: When using an external installation of GnuPG,
    Thunderbird occassionally sent/received corrupted messages
    (bmo#1898832)
  * fixed: Users of external GnuPG were unable to decrypt
    incorrectly encoded messages (bmo#1906903)
  * fixed: UTF-8 encoded messages became garbled when encrypted
    using inline OpenPGP (bmo#1899110)
  * fixed: Could not access the contents of an S/MIME encrypted
    message wrapped in a digital signature (bmo#1806161)
  * fixed: Occasional crash occurred shortly after startup
    (bmo#1872230)
  * fixed: Flatpak created a duplicate unpinned icon in Linux
    dock after launching Thunderbird (bmo#1904390)
  * fixed: Flatpak release notes URL was incorrect (bmo#1907397)
  * fixed: Spell checker dictionary was not available for Flatpak
    install (bmo#1908046)
  * fixed: Digital signatures on signed-only OpenPGP messages
    were broken with some providers (bmo#1908113)
  * fixed: Visual and UX improvements
    (bmo#1875054,bmo#1906497,bmo#1906758,bmo#1907761)
  * fixed: Security fixes
  MFSA 2024-37 (bsc#1228648)
  * CVE-2024-7518 (bmo#1875354)
    Fullscreen notification dialog can be obscured by document
    content
  * CVE-2024-7519 (bmo#1902307)
    Out of bounds memory access in graphics shared memory
    handling
  * CVE-2024-7520 (bmo#1903041)
    Type confusion in WebAssembly
  * CVE-2024-7521 (bmo#1904644)
    Incomplete WebAssembly exception handing
  * CVE-2024-7522 (bmo#1906727)
    Out of bounds read in editor component
  * CVE-2024-7525 (bmo#1909298)
    Missing permission check when creating a StreamFilter
  * CVE-2024-7526 (bmo#1910306)
    Uninitialized memory used by WebGL
  * CVE-2024-7527 (bmo#1871303)
    Use-after-free in JavaScript garbage collection
  * CVE-2024-7528 (bmo#1895951)
    Use-after-free in IndexedDB
  * CVE-2024-7529 (bmo#1903187)
    Document content could partially obscure security prompts
- Mozilla Thunderbird 128.0.1
  * fixed: Opening profile import tab then restarting Thunderbird
    caused import tab to malfunction (bmo#1905708)
  * fixed: "Total" column did not display message count when
    using "Grouped by" sorting (bmo#1901439)
  * fixed: Could not add events to CalDAV calendar when UID
    contained special characters (bmo#1716745)
  * fixed: Visual and UX improvements
    (bmo#1906432,bmo#1906499,bmo#1906498)
- Mozilla Thunderbird 128
  * new: UI density now affects multi-message view (bmo#1868863)
  * new: Added new preference `mail.addressDisplayFormat` to
    always display full name and email address of all recipients
    in message list (bmo#243258)
  * new: "Archived-At" message header field is now displayed as a
    link, and Message Permalink option is now available in List-
    Id menu (bmo#512385)
  * new: Threaded message views now include "New Message" count
    (bmo#1883506)
  * new: Cards View hover and selection paradigms introduced to
    better support custom themes and accent colors
    (bmo#1857120,bmo#1863614)
  * new: Added account context menu to Unified Toolbar "Get
    Messages" button, creating quick access option to retrieve
    new messages for individual accounts (bmo#1837152)
  * new: OpenPGP no longer attempts to re-initialize secret key
    storage if individual OpenPGP secret key passphrases have
    been enabled (bmo#1842629)
  * new: OpenPGP Key Manager can now create revocation statements
    for any secret key (bmo#1852565)
  * new: A nested OpenPGP message's signature status is now
    viewable (bmo#1861703)
  * new: Changing expiration of OpenPGP keys with a "complex"
    structure is now supported (bmo#1666507)
  * new: Enabled ECDH encryption and decryption for S/MIME
    messages (bmo#1892223)
  * new: Custom account colors are now shown in the "From" field
    when composing a message (bmo#355520)
  * new: Manual account configuration now implements form
    validation (bmo#1863264)
  * new: iCloud contacts and calendar discovery now supported
    when using a dedicated app password (bmo#1854779)
  * new: Improved layout of LDAP address book properties dialog
    (bmo#1895826)
  * new: Thunderbird now uses native Windows notifications
    (bmo#1192615)
  * new: Added support for OS-specific accent colors
    (bmo#1869893)
  * new: Added system accent color support for various elements
    (bmo#1890993,bmo#1891289)
  * new: Selection indicator added to folder pane and address
    book pane (bmo#1899842)
  * new: Thunderbird now decodes messages nested in attachments
    even if `decodeSubMessages` preference is set to "false"
    (bmo#1881560)
  * changed: Improved Cards View readability and accessibility
    (bmo#1855821,bmo#1856623,bmo#1858578,bmo#1882369,bmo#1864064,
    bmo#1877324,bmo#1860867,bmo#1877324,bmo#1860141)
  * changed: Better threading and unread/new indicators for Cards
    View threaded messages (bmo#1860868,bmo#1855823,bmo#1855824,
    bmo#1870376,bmo#1867078,bmo#1865433,bmo#1860599)
  * changed: Removed Account Provisioner (bmo#1893331)
  * changed: Search bars in Thunderbird now use a common custom
    element for more consistency (bmo#1898130)
  * changed: Updated donation link from "give.thunderbird.net" to
    "www.thunderbird.net/donate/" (bmo#1820676)
  * changed: Activity Manager now shows account and full folder
    path when indexing (bmo#1823024)
  * changed: Spam and Junk message styling in Card UI adjusted to
    be less distracting (bmo#1880163)
  * changed: Removed `mail.openpgp.key_assistant.enable`
    preference (bmo#1868214)
  * changed: Disabled support for LibrePGP v5 AEAD/OCB decryption
    (bmo#1872833)
  * changed: "Permissive" importing of problematic OpenPGP keys
    now disabled by default; Set
    `mail.openpgp.allow_permissive_import` to allow (bmo#1829881)
  * changed: A warning is now displayed when importing OpenPGP
    keys that advertise unsupported features (bmo#1874715)
  * changed: Default sort order of messages in message list
    changed to descending (newest at top) (bmo#481143)
  * changed: Added Show more/less buttons to notifications in
    Account Hub (bmo#1863265)
  * changed: Removed "Becky! Internet Mail" importer
    (bmo#1810915)
  * changed: The "prefer display name" preference for individual
    contacts was removed in favor of the global preference
    (bmo#1894048)
  * changed: Address book updated to new card design
    (bmo#1847427,bmo#1894280,bmo#1898851)
  * changed: Addressbook toolbar updated with the same UI/UX
    paradigms of the folder pane (bmo#1899666)
  * changed: Folder alerts now display full path of affected
    folder (bmo#988792)
  * changed: IMAP "Too Many Connections" alerts now display IMAP
    server name (bmo#561055)
  * changed: Date range intervals in "Find Events" panel updated
    (bmo#1844408)
  * changed: Calendar ICS file import now always uses new
    importer (bmo#1896844)
  * fixed: Thunderbird "--migration" flag opened empty window
    (bmo#1867860)
  * fixed: "Confirm Deletion" prompt was incorrectly shown when
    deleting messages with Grouped By header also selected
    (bmo#1873313)
  * fixed: Thunderbird did not remove temporary directory created
    from adding attachment to message via drag-and-drop
    (bmo#1873950)
  * fixed: Certificate errors silently failed when fetching new
    messages (bmo#1893899)
  * fixed: Clicking on native Windows notifications did not bring
    Thunderbird to the foreground (bmo#1863798)
  * fixed: 3-pane view was blank after starting Thunderbird with
    unsent messages in outbox (bmo#1865806)
  * fixed: Some menu bar items did not work with all Thunderbird
    windows closed on macOS (bmo#1868718)
  * fixed: Sender in multi-message view was right aligned when
    the text wrapped to multiple lines (bmo#1880252)
  * fixed: "Find in this message" did not work in multi-message
    view (bmo#1839005)
  * fixed: Non-compliant "References" headers were not handled
    gracefully when `mailnews.headers.showReferences` was set
    (bmo#1888116)
  * fixed: "news://" URIs failed opening as links or from the
    commandline (bmo#1886132)
  * fixed: Thunderbird sometimes displayed a blank screen on
    startup (bmo#1869685)
  * fixed: Standalone window titles no longer included message
    subject on macOS (bmo#1847622)
  * fixed: Links with IP address as link text and destination
    incorrectly warned user that link text and destination did
    not match (bmo#1804628)
  * fixed: "Open message in conversation" and "Open message in
    containing folder" from a standalone window failed
    (bmo#531319,bmo#1851975,bmo#1877962)
  * fixed: "Get Messages" toolbar button was initially disabled
    after opening a message from a file in a new window
    (bmo#1876662)
  * fixed: "Open Browser With Message-ID" failed for Google
    Groups due to URL change (bmo#1887334)
  * fixed: Focus behavior for opening messages in a new tab
    changed depending on state of `mail.tabs.loadInBackground`
    preference (bmo#1894831)
  * fixed: Focus changes in 3-pane view occassionally caused
    keyboard shortcuts to stop working (bmo#1853442)
  * fixed: Selected row in folder pane did not always remain
    visible when using keyboard navigation (bmo#1868094)
  * fixed: Using middle-mouse click on a message (open in
    background tab) did not work (bmo#1853923)
  * fixed: Group-by-sort Unified folders were slow to open when
    expanded-all (bmo#1875577)
  * fixed: Holding Shift key while selecting "Delete" from
    message context menu did not permanently delete message
    (bmo#956446)
  * fixed: Holding Shift and middle-clicking a message with
    `loadInBackground` preference set to "false" did not open new
    tab in background as expected (bmo#1876883)
  * fixed: "Watch Thread" command was incorrectly available on
    multi-folder and search views (bmo#1368011)
  * fixed: "Ignore Thread" did not work on multi-folder and
    search views (bmo#1861200)
  * fixed: Date column of "Grouped By" message views now
    refreshes at midnight, preventing incorrect dates from being
    displayed (bmo#1520435)
  * fixed: Deleting a mail folder failed silently when disk space
    was low (bmo#1886360)
  * fixed: Undoing deletion of an email from standalone window
    was not possible (bmo#1855643)
  * fixed: Sort type in Quick Filtered and Grouped By unified
    folders was not preserved after search was modified or
    cleared (bmo#1894896)
  * fixed: Unified Folders did not preserve sort setting when
    switching to unthreaded view (bmo#1893793)
  * fixed: Thunderbird did not always display message deletion
    confirmation when using Shift+Delete keyboard shortcut
    (bmo#958088)
  * fixed: Deleting collapsed group in Grouped By Sort did not
    update the message list to reflect the change (bmo#1878047)
  * fixed: Secondary sort was discarded when sorting threaded
    unified folders (bmo#1897781)
  * fixed: Accidental deletion of multiple messages occurred when
    <kbd>Delete</kbd> was pressed and held (bmo#1675212)
  * fixed: Message count for synthetic folder views was sometimes
    incorrect (bmo#1896899)
  * fixed: Count of messages in a thread was not refreshed when a
    message was deleted externally (bmo#1893180)
  * fixed: Tag folders with non-alphanumeric characters did not
    work correctly (bmo#1901926)
  * fixed: Scrolling to an unread message in an expanded thread
    did not show as much of the thread as possible (bmo#1900916)
  * fixed: In a synthetic view, right-clicking an unselected
    message incorrectly selected the message (bmo#1902549)
  * fixed: Messages could not be sorted by columns that were not
    visible (bmo#1830262)
  * fixed: Display columns reverted to default columns after an
    IMAP folder was repaired (bmo#550286)
  * fixed: Mark as "Read By Date" was not available when a folder
    with unread messages was selected (bmo#1904191)
  * fixed: Dynamic height calculation for Cards View based on
    density and font-size (bmo#1865616)
  * fixed: Message List display options were hidden outside of
    Thunderbird window (bmo#1854393)
  * fixed: Compact icon on Unified Toolbar was updated with a
    compact folder icon (bmo#1846323)
  * fixed: Improved localization of OpenPGP strings (bmo#1831909)
  * fixed: Creating a new key from the OpenPGP Key Manager
    erroneously displayed a "Go Back" button on the first page of
    the wizard (bmo#1788962)
  * fixed: Some OpenPGP dialogs' buttons were inaccessible off
    screen (bmo#1733086)
  * fixed: OpenPGP decoding of Base64 data did not allow for
    spaces and tabs before footer (bmo#1883855)
  * fixed: When using an external installation of GnuPG,
    Thunderbird occassionally sent/received corrupted messages
    (bmo#1898832)
  * fixed: Parsing an email address with a comment caused a
    failure for OpenPGP (bmo#1905014)
  * fixed: S/MIME messages did not display MIME message if MIME
    header was missing (bmo#1893039)
  * fixed: S/MIME status (encryption and signature) was not shown
    when opening an email from a file (bmo#1902991)
  * fixed: Add tooltip displaying full folder path when hovering
    over location column of thread pane (bmo#522768)
  * fixed: Clear button was missing from Unified Toolbar
    customization search bar (bmo#1891498)
  * fixed: Global search sometimes loaded slowly when opening
    "Show results as lists" and other synthetic views
    (bmo#1896913)
  * fixed: References and Reply-To headers were not set if they
    were included in `mail.compose.other.header` (bmo#1800759)
  * fixed: Message compose window was not fully disabled while
    message was sending (bmo#1758469)
  * fixed: Delivery Status Notification did not work when sending
    message using "Send Later" (bmo#815638)
  * fixed: Print dialog opened in Message compose window did not
    prevent window interaction (bmo#1758470)
  * fixed: Source of 'news:' links were incorrectly attached to
    messages by default (bmo#1787143)
  * fixed: Password Manager did not remember the last selected
    item when changing sorting or showing/hiding passwords in
    unfiltered view (bmo#1301248)
  * fixed: Entries removed from Password Manager left behind
    blank entries (bmo#1884661)
  * fixed: Messages moved to junk folder from message context
    menu were marked as read, regardless of whether "Mark
    messages determined to be junk as read" was checked/unchecked
    in settings (bmo#1860444)
  * fixed: New posts retrieved from RSS feeds incorrectly played
    mail alert sound (bmo#1871493)
  * fixed: No "Close" button in Cookie Manager on macOS
    (bmo#1042344)
  * fixed: Pressing <kbd style="border-radius:4px;padding:1px 2px
    0;border:1px solid black;">Esc</kbd> did not close the Cookie
    Manager dialog (bmo#1891311)
  * fixed: Modifying Thunderbird UI font size outside of
    Thunderbird caused App Menu > Font Size option to be disabled
    (bmo#1872490)
  * fixed: Chat Account Settings did not allow scrolling to view
    overflowed window contents (bmo#1868796)
  * fixed: Account setup triggered a second OAuth when looking
    for calendars (bmo#1880646)
  * fixed: Google Calendar account detection failed for Google-
    hosted domains when the DNS entry had uppercase characters
    (bmo#1864203)
  * fixed: Thunderbird did not have a preference to enable
    archiving inbox as a folder (bmo#697706)
  * fixed: Yahoo! and AOL account message filters only filtered
    most recent message match (bmo#1865598)
  * fixed: Querying DNS TXT records that return multiple records
    failed (bmo#1571076)
  * fixed: Yahoo! and AOL account message filters only filtered
    most recent message match (bmo#1865598)
  * fixed: "Copy/Cut" context menus did not work in extension
    options pages (bmo#1678057)
  * fixed: Adding duplicate mail addresses in "New/Edit mailing
    list" dialog, pressing OK, then removing one of the duplicate
    addresses caused both addresses to be removed (bmo#1799368)
  * fixed: Address Book scrolling did not work when using
    keyboard navigation (bmo#1870873)
  * fixed: CardDAV addressbooks could not be used as an import
    target (bmo#1893876)
  * fixed: Removing Organizational Properties from a contact did
    not clear all organization-related fields (bmo#1901739)
  * fixed: CardDAV contacts were synced to server when no changes
    were made (bmo#1898136)
  * fixed: Compose window toolbar items were unreadable on macOS
    in dark mode (bmo#1893249)
  * fixed: Dark mode colors were inconsistent throughout
    Thunderbird (bmo#1819232)
  * fixed: NVDA keyboard table navigation of message list did not
    work in table view (bmo#1843486)
  * fixed: IMAP folders containing other folders could not be
    deleted due to Thunderbird using "unsubscribe" IMAP command
    (bmo#1856536)
  * fixed: Draft messages were not replaced when saved to an IMAP
    server without UIDPLUS support (bmo#1882013)
  * fixed: Connection sometimes timed out when a large number of
    POP3 messages were left on server (bmo#1875633)
  * fixed: SMTP messages using GSSAPI authentication failed to
    send (bmo#1883529)
  * fixed: Status of IMAP message download progress was incorrect
    in some locales (bmo#1880043)
  * fixed: Newsgroup messages were sometimes incorrectly
    interleaved when using offline cache (bmo#1857450)
  * fixed: Thunderbird sometimes froze when checking for new
    messages on multiple POP3 accounts simultaneously
    (bmo#1847137)
  * fixed: POP3 tried using USERPASS first (plaintext
    credentials), before attempting AUTH PLAIN and AUTH LOGIN
    (obfuscated credentials) (bmo#1897045)
  * fixed: POP3 server connection sometimes timed out when
    processing LIST and UIDL responses (bmo#1893307)
  * fixed: Restart was necessary to read an NNTP message if a
    network error occured during message retrieval (bmo#1876261)
  * fixed: Account manager and about:support could break if the
    chat buddy list became corrupted (bmo#1902611)
  * fixed: IRC SASL authentication was enabled by default for all
    IRC servers (bmo#1618061)
  * fixed: IMAP accounts with missing or incorrect OAuth
    credentials sometimes caused duplicate dialogs to appear,
    requesting a new OAuth token (bmo#1880211)
  * fixed: Hardware key multi-factor authentication did not work
    in Thunderbird Flatpak (bmo#1882985)
  * fixed: Thunderbird defaulted to insecure connection when
    Exchange Autodiscover configuration was misconfigured
    (bmo#1900178)
  * fixed: Thunderbird incorrectly rejected some valid RSS feeds
    (bmo#1900280)
  * fixed: macOS performance improvements (bmo#1877142)
  * fixed: Updating times of recurring events also modified the
    event exception times (bmo#1890975)
  * fixed: Calendar 'Find Events Pane' did not match search terms
    if they included uppercase letters (bmo#1898856)
  * fixed: Calendar day headings did not switch between short and
    long form when resizing calendar view (bmo#1891739)
  * fixed: Task categories menu did not display category colors
    (bmo#1892673)
  * fixed: Today Pane was not Keyboard accessible (bmo#1898199)
  * fixed: "Item changed on server" calendar dialog did not have
    a scrollbar for long content, causing action buttons to be
    off screen (bmo#1889383)
  * fixed: Accepting/declining appointments did not always send
    confirmation (bmo#1878944)
  * fixed: Convert To > Event did not save events on some CalDAV
    servers (bmo#1738611)
  * fixed: Context menu cleanup (bmo#1890374,bmo#1890375)
  * fixed: Various Cards View UX improvements (bmo#1855821,
    bmo#1855823,bmo#1856623,bmo#1859036,bmo#1855824,bmo#1857120,
    bmo#1858302,bmo#1858578,bmo#1860141,bmo#1860148,bmo#1860599,
    bmo#1864064,bmo#1865433,bmo#1860867,bmo#1863614,bmo#1865616,
    bmo#1867078,bmo#1882592,bmo#1890691,bmo#1863403)
  * fixed: Various visual and UX improvements (bmo#1855611,
    bmo#1870705,bmo#1871001,bmo#1872873,bmo#1869167,bmo#1892849,
    bmo#1893114,bmo#1893148,bmo#1894903,bmo#1895118,bmo#1895119,
    bmo#1895172,bmo#1904365,bmo#1903741,bmo#1891203,bmo#1902817,
    bmo#1902818,bmo#1903093,bmo#1903742,bmo#1904072,bmo#1904316,
    bmo#1892560,bmo#1845204,bmo#1849315,bmo#1865615,bmo#1888750,
    bmo#1889519,bmo#1890044,bmo#1890129,bmo#1890345,bmo#1880835,
    bmo#1894806,bmo#1899235,bmo#1901145,bmo#1901147,bmo#1878414,
    bmo#1891365,bmo#1901547,bmo#1846095,bmo#1861204,bmo#1892560,
    bmo#1281299)
  * fixed: Security fixes
  MFSA 2024-32 (bsc#1226316)
  * CVE-2024-6606 (bmo#1902305)
    Out-of-bounds read in clipboard component
  * CVE-2024-6607 (bmo#1694513)
    Leaving pointerlock by pressing the escape key could be
    prevented
  * CVE-2024-6608 (bmo#1743329)
    Cursor could be moved out of the viewport using pointerlock.
  * CVE-2024-6609 (bmo#1839258)
    Memory corruption in NSS
  * CVE-2024-6610 (bmo#1883396)
    Form validation popups could block exiting full-screen mode
  * CVE-2024-6600 (bmo#1888340)
    Memory corruption in WebGL API
  * CVE-2024-6601 (bmo#1890748)
    Race condition in permission assignment
  * CVE-2024-6602 (bmo#1895032)
    Memory corruption in NSS
  * CVE-2024-6603 (bmo#1895081)
    Memory corruption in thread creation
  * CVE-2024-6611 (bmo#1844827)
    Incorrect handling of SameSite cookies
  * CVE-2024-6612 (bmo#1880374)
    CSP violation leakage when using devtools
  * CVE-2024-6613 (bmo#1900523)
    Incorrect listing of stack frames
  * CVE-2024-6614 (bmo#1902983)
    Incorrect listing of stack frames
  * CVE-2024-6604 (bmo#1748105, bmo#1837550, bmo#1884266)
    Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13,
    Thunderbird 128, and Thunderbird 115.13
  * CVE-2024-6615 (bmo#1892875, bmo#1894428, bmo#1898364)
    Memory safety bugs fixed in Firefox 128 and Thunderbird 128
- remove unneeded patches mozilla-fix-aarch64-libopus.patch
  mozilla-bmo1504834-part3.patch mozilla-bmo1512162.patch
  mozilla-fix-top-level-asm.patch mozilla-bmo531915.patch
  mozilla-partial-revert-1768632.patch
- added patches mozilla-bmo1898476.patch and mozilla-bmo1907511.patch
  to fix Wayland-crashes
- Recommend libfido2-udev on codestreams that exist, in order to try
  to get security keys (e.g. Yubikeys) work out of the box. (bsc#1184272)
-------------------------------------------------------------------
Fri Aug 16 07:18:49 UTC 2024 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 115.14
  * fixed: When using an external installation of GnuPG,
    Thunderbird occassionally sent/received corrupted messages
    (bmo#1898832)
  * fixed: Users of external GnuPG were unable to decrypt
    incorrectly encoded messages (bmo#1906903)
  * fixed: Flatpak install of 128.0esr was incorrectly downgraded
    to 115.13.0esr (bmo#1908299)
  * fixed: Security fixes
  MFSA 2024-38 (bsc#1228648)
  * CVE-2024-7519 (bmo#1902307)
    Out of bounds memory access in graphics shared memory
    handling
  * CVE-2024-7521 (bmo#1904644)
    Incomplete WebAssembly exception handing
  * CVE-2024-7522 (bmo#1906727)
    Out of bounds read in editor component
  * CVE-2024-7525 (bmo#1909298)
    Missing permission check when creating a StreamFilter
  * CVE-2024-7526 (bmo#1910306)
    Uninitialized memory used by WebGL
  * CVE-2024-7527 (bmo#1871303)
    Use-after-free in JavaScript garbage collection
  * CVE-2024-7529 (bmo#1903187)
    Document content could partially obscure security prompts
-------------------------------------------------------------------
Wed Jul 17 11:49:41 UTC 2024 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 115.13
  * fixed: After starting Thunderbird, the message list position
    was sometimes set to an incorrect position (bmo#1896009)
  * fixed: Security fixes
  MFSA 2024-31 (bsc#1226316)
  * CVE-2024-6600 (bmo#1888340)
    Memory corruption in WebGL API
  * CVE-2024-6601 (bmo#1890748)
    Race condition in permission assignment
  * CVE-2024-6602 (bmo#1895032)
    Memory corruption in NSS
  * CVE-2024-6603 (bmo#1895081)
    Memory corruption in thread creation
  * CVE-2024-6604 (bmo#1748105, bmo#1837550, bmo#1884266)
    Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13,
    Thunderbird 128, and Thunderbird 115.13
-------------------------------------------------------------------
Tue Jul  2 14:47:02 UTC 2024 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 115.12.2
  * fixed: Annual Thunderbird Beta appeal intended for
    Thunderbird 115.12.0 did not open as expected (bmo#1898084)
- Added thunderbird-fix-CVE-2024-34703.patch (bsc#1227239)
-------------------------------------------------------------------
Wed Jun 19 07:16:13 UTC 2024 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 115.12.1
  * 115.12.0 got pulled because of upstream automation process errors
    and Windows installer signing changes.
    No code changes, changelog is the same as 115.12.0 (bsc#1226495)
-------------------------------------------------------------------
Mon Jun 17 09:01:23 UTC 2024 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 115.12
  * fixed: POP error messages from server were not displayed
    (bmo#1876431)
  * fixed: Some OpenPGP messages were incorrectly reported as
    being partially signed or encrypted (bmo#1886396)
  * fixed: Autocrypt header was missing from some encrypted
    messages due to case-sensitive email address matching
    (bmo#1896876)
  * fixed: "Convert to Table" dialog content was formatted
    incorrectly (bmo#1896252)
  * fixed: Opening Theme Settings reverted the current theme to
    the startup theme (bmo#1859271)
  * fixed: Security fixes
  MFSA 2024-28 (bsc#1226027)
  * CVE-2024-5702 (bmo#1193389)
    Use-after-free in networking
  * CVE-2024-5688 (bmo#1895086)
    Use-after-free in JavaScript object transplant
  * CVE-2024-5690 (bmo#1883693)
    External protocol handlers leaked by timing attack
  * CVE-2024-5691 (bmo#1888695)
    Sandboxed iframes were able to bypass sandbox restrictions to
    open a new window
  * CVE-2024-5692 (bmo#1891234)
    Bypass of file name restrictions during saving
  * CVE-2024-5693 (bmo#1891319)
    Cross-Origin Image leak via Offscreen Canvas
  * CVE-2024-5696 (bmo#1896555)
    Memory Corruption in Text Fragments
  * CVE-2024-5700 (bmo#1862809, bmo#1889355, bmo#1893388,
    bmo#1895123)
    Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12,
    and Thunderbird 115.12
-------------------------------------------------------------------
Thu May 16 06:42:23 UTC 2024 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 115.11
  * fixed: Splitter arrow between task list and task description
    did not behave as expected (bmo#1888879)
  * fixed: Calendar Event Attendees dialog had incorrectly sized
    rows (bmo#1852304)
  * fixed: Security fixes
  MFSA 2024-23 (bsc#1224056)
  * CVE-2024-4367 (bmo#1893645)
    Arbitrary JavaScript execution in PDF.js
  * CVE-2024-4767 (bmo#1878577)
    IndexedDB files retained in private browsing mode
  * CVE-2024-4768 (bmo#1886082)
    Potential permissions request bypass via clickjacking
  * CVE-2024-4769 (bmo#1886108)
    Cross-origin responses could be distinguished between script
    and non-script content-types
  * CVE-2024-4770 (bmo#1893270)
    Use-after-free could occur when printing to PDF
  * CVE-2024-4777 (bmo#1878199, bmo#1893340)
    Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11,
    and Thunderbird 115.11
-------------------------------------------------------------------
Mon Apr 22 07:09:53 UTC 2024 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 115.10.1
  * fixed: Thunderbird processes did not exit cleanly; user
    intervention was required via task manager (bmo#1891889)
  * unresolved: After changing password on an IMAP account, the
    account could become locked due to too many failed login
    attempts (bmo#1862111)
- Mozilla Thunderbird 115.10
  * fixed: Creating a tag in General Settings with a number as
    the tag name did not work (bmo#1881124)
  * fixed: Quick Filter button selections did not persist after
    restart (bmo#1847265)
  * fixed: Collapsing and expanding message list headers
    sometimes caused header to scroll out of view (bmo#1862197)
  * fixed: Single message with no children inside a parent thread
    sometimes displayed incorrectly as a thread with a duplicate
    of itself as its child (bmo#1427546)
  * fixed: "Get selected messages" menu items did not work
    (bmo#1867091)
  * fixed: "Download and Sync Messages" dialog was too short when
    using Russian locale, obscuring OK button (bmo#1881795)
  * fixed: After changing password on an IMAP account, the
    account could become locked due to too many failed login
    attempts (bmo#1862111)
  * fixed: Retrieving multiline POP3 message from server failed
    if message chunk ended in newline instead of carriage return
    and newline (bmo#1883760)
  * fixed: IMAP, POP3, and SMTP Exchange autoconfiguration did
    not support encryption configuration (bmo#1876992)
  * fixed: Non-empty address book search bar interfered with
    displaying/editing contacts (bmo#1833031)
  * fixed: Deleting attendees from "Invite Attendees" view
    removed attendees from view, but not from invite
    (bmo#1874450)
  * fixed: Splitter arrow between task list and task description
    did not behave as expected (bmo#1889562)
  * fixed: Performance improvements and code cleanup
    (bmo#1878257,bmo#1883550)
  * fixed: Security fixes
  * unresolved: Thunderbird processes did not exit cleanly; user
    intervention was required via task manager (bmo#1891889)
  MFSA 2024-20 (bsc#1222535)
  * CVE-2024-3852 (bmo#1883542)
    GetBoundName in the JIT returned the wrong object
  * CVE-2024-3854 (bmo#1884552)
    Out-of-bounds-read after mis-optimized switch statement
  * CVE-2024-3857 (bmo#1886683)
    Incorrect JITting of arguments led to use-after-free during
    garbage collection
  * CVE-2024-2609 (bmo#1866100)
    Permission prompt input delay could expire when not in focus
  * CVE-2024-3859 (bmo#1874489)
    Integer-overflow led to out-of-bounds-read in the OpenType
    sanitizer
  * CVE-2024-3861 (bmo#1883158)
    Potential use-after-free due to AlignedBuffer self-move
  * CVE-2024-3863 (bmo#1885855)
    Download Protections were bypassed by .xrm-ms files on
    Windows
  * CVE-2024-3302 (bmo#1881183, https://kb.cert.org/vuls/id/421644)
    Denial of Service using HTTP/2 CONTINUATION frames
  * CVE-2024-3864 (bmo#1888333)
    Memory safety bug fixed in Firefox 125, Firefox ESR 115.10,
    and Thunderbird 115.10
-------------------------------------------------------------------
Wed Mar 20 11:58:22 UTC 2024 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 115.9
  * fixed: Opened ignored messages in a message thread/subthread
    were not marked as read in IMAP folders (bmo#448876)
  * fixed: Multi-language spellcheck sometimes skipped languages
    (bmo#1790746)
  * fixed: Thread tree did not update when live language
    switching (bmo#1842585)
  * fixed: Visual improvements to "Reorder Attachments" popup
    (bmo#1881945)
  * fixed: Sort order was sometimes incorrect in Grouped By views
    (bmo#1866951)
  * fixed: Selecting "Match all messages" in Filter Rules dialog
    did not disable all search criteria (bmo#1879735)
  * fixed: S/MIME-only signed messages sometimes incorrectly
    displayed signature as invalid (bmo#1741362)
  * fixed: OpenPGP keys uploaded to an HKP keyserver were sent
    with the wrong `Content-Type` header (bmo#1879822)
  * fixed: Keyboard navigation within search toolbar did not work
    (bmo#1878543)
  * fixed: Flatpak builds only had the en-US spell check
    dictionary available (bmo#1882352)
  * fixed: Security fixes
  MFSA 2024-14 (bsc#1221327)
  * CVE-2024-0743 (bmo#1867408)
    Crash in NSS TLS method
  * CVE-2024-2605 (bmo#1872920)
    Windows Error Reporter could be used as a Sandbox escape
    vector
  * CVE-2024-2607 (bmo#1879939)
    JIT code failed to save return registers on Armv7-A
  * CVE-2024-2608 (bmo#1880692)
    Integer overflow could have led to out of bounds write
  * CVE-2024-2616 (bmo#1846197)
    Improve handling of out-of-memory conditions in ICU
  * CVE-2023-5388 (bmo#1780432)
    NSS susceptible to timing attack against RSA decryption
  * CVE-2024-2610 (bmo#1871112)
    Improper handling of html and body tags enabled CSP nonce
    leakage
  * CVE-2024-2611 (bmo#1876675)
    Clickjacking vulnerability could have led to a user
    accidentally granting permissions
  * CVE-2024-2612 (bmo#1879444)
    Self referencing object could have potentially led to a use-
    after-free
  * CVE-2024-2614 (bmo#1685358, bmo#1861016, bmo#1880405,
    bmo#1881093)
    Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9,
    and Thunderbird 115.9
-------------------------------------------------------------------
Tue Mar 12 14:09:16 UTC 2024 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 115.8.1
  * fixed: Settings: Updating tags failed if Automatic Updates
    were disabled (bmo#1874557)
  * fixed: Size of collapsed folders in folder pane did not
    include size of subfolders (bmo#1870641)
  * fixed: Reversing sort order of Grouped By views in quick
    search did not reverse (bmo#1868816)
  * fixed: Removing threaded messages in a unified folder
    sometimes resulted in an incorrect number of levels in the
    thread (bmo#1871992)
  * fixed: Thread collapsing did not behave correctly when
    copying thread messages in multi-folder view (bmo#1872253)
  * fixed: S/MIME encryption failed to encrypt if unsupported
    certificate type was encountered (bmo#1876931)
  * fixed: Decrypting a copy of an S/MIME encrypted, opaque-
    signed message created an unreadable message (bmo#1878053)
  * fixed: Thunderbird sometimes changed the subject of messages
    selected while simultaneously decrypting a large PGP-
    encrypted message (bmo#1860977)
  * fixed: "Quote message" menu item in compose window did not
    work when replying to message opened in separate tab
    (bmo#1868626)
  * fixed: Toolbar customization window contents overflowed the
    window width (bmo#1852744)
  * fixed: Security fixes
  MFSA 2024-11 (bsc#1221054)
  * CVE-2024-1936 (bmo#1860977)
    Leaking of encrypted email subjects to other conversations
-------------------------------------------------------------------
Wed Feb 21 07:46:54 UTC 2024 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 115.8
  * new: Added option to show packet dump when OpenPGP fails to
    decrypt (bmo#1874504)
  * fixed: Thunderbird slowed down significantly when opening
    email files (.eml) (bmo#1863957)
  * fixed: Inbox view intermittently reverted to default view
    after moving or deleting messages (bmo#1725127)
  * fixed: Size of collapsed folders in folder pane did not
    include size of subfolders (bmo#1870641)
  * fixed: Hovering over folder does not always expand subfolders
    (bmo#1873101)
  * fixed: Switching to thread pane of a folder using keyboard
    navigation did not focus top message (bmo#1869557)
  * fixed: Clicking "Sent unsent messages" in Outbox context menu
    while in offline mode did not prompt user to go online
    (bmo#1873487)
  * fixed: Mail tab-specific Unified Toolbar buttons received
    focus incorrectly (bmo#1872239)
  * fixed: Quick Filter settings did not persist when Quick
    Filter bar was turned off (bmo#1850266)
  * fixed: Quick Filters were unusually slow (bmo#1849650)
  * fixed: OpenPGP Key Manager filtering did not work
    (bmo#1873655)
  * fixed: OpenPGP sometimes attempted to decrypt message with
    incorrect key (bmo#1865620)
  * fixed: Autoconfig failed on servers that did not support
    OAuth2 (bmo#1869122)
  * fixed: Opening different attachments with the same name in
    different messages could cause attachment files to become
    conflated (bmo#1873023)
  * fixed: Overflowed attachment list could not be scrolled
    (bmo#1871343)
  * fixed: Passwords disappeared from password manager list after
    applying and clearing filters (bmo#1874646)
  * fixed: Cookies in cookie manager list disappeared after
    applying and then clearing filters (bmo#1876733)
  * fixed: Security fixes
  MFSA 2024-07 (bsc#1220048)
  * CVE-2024-1546 (bmo#1843752)
    Out-of-bounds memory read in networking channels
  * CVE-2024-1547 (bmo#1877879)
    Alert dialog could have been spoofed on another site
  * CVE-2024-1548 (bmo#1832627)
    Fullscreen Notification could have been hidden by select
    element
  * CVE-2024-1549 (bmo#1833814)
    Custom cursor could obscure the permission dialog
  * CVE-2024-1550 (bmo#1860065)
    Mouse cursor re-positioned unexpectedly could have led to
    unintended permission grants
  * CVE-2024-1551 (bmo#1864385)
    Multipart HTTP Responses would accept the Set-Cookie header
    in response parts
  * CVE-2024-1552 (bmo#1874502)
    Incorrect code generation on 32-bit ARM devices
  * CVE-2024-1553 (bmo#1855686, bmo#1867982, bmo#1871498,
    bmo#1872296, bmo#1873521, bmo#1873577, bmo#1873597,
    bmo#1873866, bmo#1874080, bmo#1874740, bmo#1875795,
    bmo#1875906, bmo#1876425, bmo#1878211, bmo#1878286)
    Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8,
    and Thunderbird 115.8
-------------------------------------------------------------------
Wed Jan 24 08:53:28 UTC 2024 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 115.7
  * new: Autocrypt Gossip key distribution added (bmo#1853674)
  * fixed: When starting Thunderbird, unread message count did
    not appear on collapsed accounts (bmo#1862774)
  * fixed: Blank window was sometimes displayed when starting
    Thunderbird (bmo#1870817)
  * fixed: Thunderbird "--chrome" flag incorrectly opened extra
    messenger.xhtml (bmo#1866915)
  * fixed: Add-ons did not start correctly when opening
    Thunderbird from other programs (bmo#1800423)
  * fixed: Drag-and-drop installation of add-ons did not work if
    Add-ons Manager was opened from Unified Toolbar (bmo#1862978)
  * fixed: Double-clicking empty space in message pane
    incorrectly opened the currently selected message
    (bmo#1867407)
  * fixed: Canceling SMTP send before progress reached 100% did
    not stop message from sending (bmo#1816540)
  * fixed: PDF attachments open in a separate tab did not always
    restore correctly after restarting Thunderbird (bmo#1846054)
  * fixed: Some OpenPGP dialogs were too small for their contents
    (bmo#1870809)
  * fixed: Account Manager did not work with hostnames entered as
    punycode (bmo#1870720,bmo#1872632)
  * fixed: Downloading complete message from POP3 headers caused
    message tab/window to close when "Close message window/tab on
    move or delete" was enabled (bmo#1861886)
  * fixed: Some ECC GPG keys could not be exported (bmo#1867765)
  * fixed: Contacts deleted from mailing list view still visible
    in Details view (bmo#1799362)
  * fixed: After selecting contacts in Address Book and starting
    a new search, the search results list did not update
    (bmo#1812726)
  * fixed: Various UX and visual improvements (bmo#1866061,bmo#18
    67169,bmo#1867728,bmo#1868079,bmo#1869519,bmo#1832149,bmo#185
    6495,bmo#1861210,bmo#1861286,bmo#1863296,bmo#1864979)
  * fixed: Security fixes
  MFSA 2024-04 (bsc#1218955)
  * CVE-2024-0741 (bmo#1864587)
    Out of bounds write in ANGLE
  * CVE-2024-0742 (bmo#1867152)
    Failure to update user input timestamp
  * CVE-2024-0746 (bmo#1660223)
    Crash when listing printers on Linux
  * CVE-2024-0747 (bmo#1764343)
    Bypass of Content Security Policy when directive unsafe-
    inline was set
  * CVE-2024-0749 (bmo#1813463)
    Phishing site popup could show local origin in address bar
  * CVE-2024-0750 (bmo#1863083)
    Potential permissions request bypass via clickjacking
  * CVE-2024-0751 (bmo#1865689)
    Privilege escalation through devtools
  * CVE-2024-0753 (bmo#1870262)
    HSTS policy on subdomain could bypass policy of upper domain
  * CVE-2024-0755 (bmo#1868456, bmo#1871445, bmo#1873701)
    Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7,
    and Thunderbird 115.7
-------------------------------------------------------------------
Wed Jan 10 09:10:26 UTC 2024 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 115.6.1
  * new: OAuth2 now supported for comcast.net (bmo#1844810)
  * fixed: High CPU usage sometimes occurred with IMAP CONDSTORE
    (conditional STORE) enabled (bmo#1839256)
  * fixed: Replying to a collapsed thread via keyboard shortcut
    (Ctrl+R/Cmd+R) opened a reply for every message in the thread
    (bmo#1866819)
  * fixed: Enabling Grouped By view after reversing sort order of
    column header caused messages to be grouped incorrectly
    (bmo#1868794)
  * fixed: Opening thread pane context menu via keyboard did not
    always scroll view to selection (bmo#1867532)
  * fixed: New mail indicator for POP3 accounts did not indicate
    new messages ready to be downloaded (bmo#1870619)
  * fixed: Messages could not be moved to folders using Message >
    Move To if text or a link in the message had been clicked on
    first (bmo#1868474)
  * fixed: MIME part boundaries were not properly terminated
    (bmo#1805558)
-------------------------------------------------------------------
Wed Dec 20 07:40:23 UTC 2023 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 115.6
  * fixed: Message selection misbehaved after selecting a sub-
    message in an expanded thread, collapsing the thread, then
    pressing up/down to move selection (bmo#1865548)
  * fixed: Thunderbird now attempts to reconnect on a new
    connection after SMTP 4xx errors (bmo#1854567)
  * fixed: HTML FileLink attachments used the wrong encoding
    (bmo#1865269)
  * fixed: Security fixes
  MFSA 2023-55 (bsc#1217974)
  * CVE-2023-50762 (bmo#1862625)
    Truncated signed text was shown with a valid OpenPGP
    signature
  * CVE-2023-50761 (bmo#1865647)
    S/MIME signature accepted despite mismatching message date
  * CVE-2023-6856 (bmo#1843782)
    Heap-buffer-overflow affecting WebGL DrawElementsInstanced
    method with Mesa VM driver
  * CVE-2023-6857 (bmo#1796023)
    Symlinks may resolve to smaller than expected buffers
  * CVE-2023-6858 (bmo#1826791)
    Heap buffer overflow in nsTextFragment
  * CVE-2023-6859 (bmo#1840144)
    Use-after-free in PR_GetIdentitiesLayer
  * CVE-2023-6860 (bmo#1854669)
    Potential sandbox escape due to VideoBridge lack of texture
    validation
  * CVE-2023-6861 (bmo#1864118)
    Heap buffer overflow affected nsWindow::PickerOpen(void) in
    headless mode
  * CVE-2023-6862 (bmo#1868042)
    Use-after-free in nsDNSService
  * CVE-2023-6863 (bmo#1868901)
    Undefined behavior in ShutdownObserver()
  * CVE-2023-6864 (bmo#1736385, bmo#1810805, bmo#1846328,
    bmo#1856090, bmo#1858033, bmo#1858509, bmo#1862089,
    bmo#1862777, bmo#1864015)
    Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6,
    and Thunderbird 115.6
-------------------------------------------------------------------
Wed Nov 22 08:36:10 UTC 2023 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 115.5.0
  * fixed: Initial message was not automatically selected when
    opened in conversation (bmo#1856266)
  * fixed: Newsgroup users using FQDN identity generated message
    ID headers with incorrect domain name (bmo#1846837)
  * fixed: Link previews had poor legibility in dark mode
    (bmo#1820244)
  * fixed: Plasma's task switcher displayed the default icon when
    running the Thunderbird Flatpak on Wayland (bmo#1863262)
  * fixed: Link to Flatpak manifest was incorrect (bmo#1863594)
  * fixed: Security fixes
  MFSA 2023-52 (bsc#1217230)
  * CVE-2023-6204 (bmo#1841050)
    Out-of-bound memory access in WebGL2 blitFramebuffer
  * CVE-2023-6205 (bmo#1854076)
    Use-after-free in MessagePort::Entangled
  * CVE-2023-6206 (bmo#1857430)
    Clickjacking permission prompts using the fullscreen
    transition
  * CVE-2023-6207 (bmo#1861344)
    Use-after-free in ReadableByteStreamQueueEntry::Buffer
  * CVE-2023-6208 (bmo#1855345)
    Using Selection API would copy contents into X11 primary
    selection.
  * CVE-2023-6209 (bmo#1858570)
    Incorrect parsing of relative URLs starting with "///"
  * CVE-2023-6212 (bmo#1658432, bmo#1820983, bmo#1829252,
    bmo#1856072, bmo#1856091, bmo#1859030, bmo#1860943,
    bmo#1862782)
    Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5,
    and Thunderbird 115.5.0
- Mozilla Thunderbird 115.4.3
  * fixed: Forwarding multiple messages as attachments failed
    (bmo#1859938)
  * fixed: Message list scrolling fixes (bmo#1827042,bmo#1845391)
  * fixed: Some text remained incorrectly visible in the message
    list when using "Grouped By" sorting (bmo#1839035)
  * fixed: Subject lines were excessively indented in "Grouped
    by" views (bmo#1841256)
  * fixed: "Open Message in Conversation" was incorrectly enabled
    for selections of multiple messages (bmo#1860539)
  * fixed: States of collapsed and expanded threads were not
    maintained when switching folders (bmo#1807063)
  * fixed: Pressing "n" to move to the next unread message on an
    unread, collapsed thread opened the thread and selected the
    second message instead of the first (bmo#1847792)
  * fixed: Search Folders dialog improvements (bmo#1859050)
  * fixed: "Read Messages" button in Account Central did not
    retrieve mail from POP accounts (bmo#1858733)
  * fixed: Events canceled by the organizer were incorrectly sent
    cancelation message (bmo#1861355)
- Mozilla Thunderbird 115.4.2
  * fixed: No messages or calendar items were displayed on
    startup (bmo#1860885)
  * fixed: Toolbar & Folder View widget fixes (bmo#1858750)
  * fixed: Insert image dialog was not properly sized on some
    localized builds (bmo#1860503)
  * fixed: The "unencrypted subject" icon was always briefly
    displayed when replying to a message (bmo#1828591)
  * fixed: RSS feeds with lengthy attachment filenames cut off
    visible content (bmo#1858114)
  * fixed: RSS feeds with no favicon displayed default icon in
    the folder color (bmo#1858178)
  * fixed: NNTP messages that were previously downloaded were not
    displayed if the server went offline (bmo#1859522)
  * fixed: Vcard photos were not imported when using opening the
    file with Thunderbird (bmo#1859114)
  * fixed: Publishing calendars to invalid URLs did not display a
    helpful error (bmo#1841547)
  * fixed: Publishing calendar events via authenticated WebDAV
    failed (bmo#1857033)
  * fixed: Converting a message to an event failed when the
    message pane was not displayed (bmo#1857835)
  * fixed: Redirect dialog displayed for WebDAV calendars was too
    small (bmo#1856340)
  * fixed: Visual and Theme improvements
    (bmo#1844729,bmo#1860218,bmo#1860272)
-------------------------------------------------------------------
Wed Oct 25 06:47:08 UTC 2023 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 115.4.1
  * new: "Manage Newsgroups Subscription" now displayed on
    Account Central when using newsgroups (bmo#1847428)
  * fixed: Manually configured authentication methods on accounts
    did no always persist (bmo#1855515)
  * fixed: "Send Autocrypt key in header" preference was
    available on accounts with no encryption key (bmo#1857541)
  * fixed: SHA-1 certificates were not accepted in Thunderbird
    115; acceptance of SHA-1 messages can now be enabled via
    optional preference (bmo#1854592)
  * fixed: Various Flatpak enhancements
    (bmo#1843110,bmo#1845495,bmo#1850013)
  * fixed: Opening folder in new tab by clicking scroll
    wheel/middle mouse button did not work in Folder Pane
    (bmo#1836853)
  * fixed: Message list did not automatically scroll to new
    messages when switching folders (bmo#1850190)
  * fixed: "Move/Copy to <folder> again" was sometimes displayed
    in the folder context menu when it should not have been
    (bmo#1855160)
  * fixed: Multiple message drafts or message templates could not
    be opened simultaneously for editing (bmo#1853558)
  * fixed: Tools > Filters dialog did not open in Unified Folder
    view if no messages were selected (bmo#1844341)
  * fixed: Printing dialog could be opened, even with no messages
    selected (bmo#1846190)
  * fixed: "From" address was editable when creating a new
    message from a template if the account identity contained
    Unicode characters (bmo#1850055)
  * fixed: Opening a saved .eml file in compose window did not
    preserve message subject from file (bmo#1856166)
  * fixed: Replying to some plaintext messages with desired quote
    selected in original message did not preserve formatting of
    quote (bmo#1839226)
  * fixed: "Edit as New", "Reply", and "Redirect" could not be
    used on multiple messages simultaneously (bmo#1855065)
  * fixed: "Reply to List" option was always enabled, even with
    no list to reply to (bmo#1851971)
  * fixed: "Archive" button in message pane was enabled on
    messages that could not be archived (bmo#1856315)
  * fixed: "Followup-To" label was incorrectly labeled as
    "Newsgroups" (bmo#1854801)
  * fixed: "Save image as" option did not work for RSS feed items
    displayed as a webpage (bmo#1853498)
  * fixed: OTR verification dialog was blank, preventing
    verification of OTR chat sessions (bmo#1852030)
  * fixed: Calendar ICS parser improvements for more reliable
    event import (bmo#1857196)
  * fixed: Permission description strings were missing from Add-
    Ons Manager (bmo#1842490)
  * fixed: Various visual fixes
    (bmo#1855033,bmo#1855204,bmo#1858942,bmo#1857504)
  * fixed: Security fixes
  MFSA 2023-47 (bsc#1216338)
  * CVE-2023-5721 (bmo#1830820)
    Queued up rendering could have allowed websites to clickjack
  * CVE-2023-5732 (bmo#1690979, bmo#1836962)
    Address bar spoofing via bidirectional characters
  * CVE-2023-5724 (bmo#1836705)
    Large WebGL draw could have led to a crash
  * CVE-2023-5725 (bmo#1845739)
    WebExtensions could open arbitrary URLs
  * CVE-2023-5726 (bmo#1846205)
    Full screen notification obscured by file open dialog on
    macOS
  * CVE-2023-5727 (bmo#1847180)
    Download Protections were bypassed by .msix, .msixbundle,
    .appx, and .appxbundle files on Windows
  * CVE-2023-5728 (bmo#1852729)
    Improper object tracking during GC in the JavaScript engine
    could have led to a crash.
  * CVE-2023-5730 (bmo#1836607, bmo#1840918, bmo#1848694,
    bmo#1848833, bmo#1850191, bmo#1850259, bmo#1852596,
    bmo#1853201, bmo#1854002, bmo#1855306, bmo#1855640,
    bmo#1856695)
    Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4,
    and Thunderbird 115.4.1
- Removed upstreamed patch mozilla-fix-broken-ffmpeg.patch
- Mozilla Thunderbird 115.4.0
  * pulled and replaced by 115.4.1
  
- Mozilla Thunderbird 115.3.3
  * fixed: Modifier keys did not work as expected when dragging a
    message over the folder tree on macOS (bmo#1847791)
  * fixed: "Folder Location" toolbar button did not work for
    local folders (bmo#1843979)
  * fixed: "Copy to <folder name> again" option disappeared from
    context menu after copying to Gmail folder with non-ASCII
    name (bmo#1856712)
  * fixed: Default reply identity did not use "Delivered-To"
    address when catch-all was active (bmo#1815559)
  * fixed: "View Headers All" did not work when selected in
    standalone message window (bmo#1855316)
  * fixed: Viewing the mail filter log displayed an error if no
    log file was present (bmo#1789244)
-------------------------------------------------------------------
Mon Oct 16 11:09:49 UTC 2023 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 115.3.2
  * fixed: "Open in conversation" did not open messages in a
    thread view (bmo#1849374)
  * fixed: News messsage with non-ASCII author name were
    incorrectly canceled (bmo#1854023)
  * fixed: Localized "Re: " prefix was not stripped from news
    messages (bmo#1845155)
  * fixed: Thunderbird attempted to load accounts missing server
    hostname, causing blank 3-pane window (bmo#1854064)
  * fixed: Permission description strings were missing from Add-
    Ons Manager (bmo#1842490)
  * fixed: Card View displayed incorrect recipient name for mail
    and news accounts, depending on folder (bmo#1851955)
  * fixed: Spell check dictionary dialog sometimes pushed Close
    button out of view (bmo#1856152)
  * fixed: Importing calendars from iCal files did not work under
    certain circumstances (bmo#1854422)
  * fixed: Calendar invitations were not sent to event
    participants, only organizer (bmo#1847658)
  * fixed: Calendar alarm dialogs with lengthy descriptions
    pushed buttons out of view (bmo#1852682)
  * fixed: Various visual fixes (bmo#1854836)
-------------------------------------------------------------------
Mon Oct  2 08:35:57 UTC 2023 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 115.3.1
  * fixed: In Unified Folders view, some folders had incorrect
    unified folder parent (bmo#1852525)
  * fixed: "Edit message as new" did not restore encrypted
    subject from selected message (bmo#1788534)
  * fixed: Importing some CalDAV calendars with yearly recurrence
    events caused Thunderbird to freeze (bmo#1850732)
  * fixed: Security fixes
  MFSA 2023-44 (bsc#1215814)
  * CVE-2023-5217 (bmo#1855550)
    Heap buffer overflow in libvpx
- Mozilla Thunderbird 115.3
  * fixed: Thunderbird could not import profiles with hostname
    ending in dot (".") (bmo#1825374)
  * fixed: Message header was occasionally missing in message
    preview (bmo#1840943)
  * fixed: Setting an existing folder's type flag did not add
    descendant folders to the Unified Folders view (bmo#1848904)
  * fixed: Thunderbird did not always delete all temporary mail
    files, sometimes preventing messages from being sent
    (bmo#673703)
  * fixed: Status bar in Message Compose window could not be
    hidden (bmo#1806860)
  * fixed: Message header was intermittently missing from message
    preview (bmo#1840943)
  * fixed: OAuth2 did not work on some profiles created in
    Thunderbird 102.6.1 or earlier (bmo#1814823)
  * fixed: In Vertical View, decrypted subject lines were
    displayed as ellipsis ("...") in message list (bmo#1831764)
  * fixed: Condensed address preference
    (mail.showCondensedAddresses) did not show condensed
    addresses in message list (bmo#1831280)
  * fixed: Spam folder could not be assigned non-ASCII names with
    IMAP UTF-8 enabled (bmo#1816332)
  * fixed: Message header was not displayed until images finished
    loading, causing noticeable delay for messages containing
    large images (bmo#1851871)
  * fixed: Large SVG favicons did not display on RSS feeds
    (bmo#1853895)
  * fixed: Context menu items did not display a hover background
    color (bmo#1852732)
  * fixed: Security fixes
  MFSA 2023-43 (bsc#1215575)
  * CVE-2023-5168 (bmo#1846683)
    Out-of-bounds write in FilterNodeD2D1
  * CVE-2023-5169 (bmo#1846685)
    Out-of-bounds write in PathOps
  * CVE-2023-5171 (bmo#1851599)
    Use-after-free in Ion Compiler
  * CVE-2023-5174 (bmo#1848454)
    Double-free in process spawning on Windows
  * CVE-2023-5176 (bmo#1836353, bmo#1842674, bmo#1843824,
    bmo#1843962, bmo#1848890, bmo#1850180, bmo#1850983,
    bmo#1851195)
    Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3,
    and Thunderbird 115.3
- Add patch mozilla-fix-broken-ffmpeg.patch to fix broken build
  with newer binutils (bsc#1215309)
- Fix i586 build by reducing debug info to -g1. (boo#1210168)
- Mozilla Thunderbird 115.2.3
  * changed: Card view and vertical layout are now default for
    new profiles (bmo#1849000)
  * fixed: Go > Folder menu was disabled (bmo#1849919)
  * fixed: "Tools" menu was blank when opened from compose window
    on macOS (bmo#1848155)
  * fixed: Deleting an attachment from a message on an IMAP
    server corrupted the local copy when configured with "mark as
    deleted" (bmo#1135434)
  * fixed: Manually entered passwords were not remembered for
    OAuth-authenticated accounts such as Yahoo mail (bmo#1673446)
  * fixed: Quick Filter's "Keep filters applied" did not persist
    after restarting Thunderbird (bmo#1846880,bmo#1849221)
  * fixed: Top-level Quick Filter settings did not persist after
    restart (bmo#1849249)
  * fixed: Notifications for new messages with non-ASCII
    characters in the subject were garbled (bmo#1842384)
  * fixed: "Mark Thread As Read" did not work when some messages
    in thread were already read (bmo#1850850)
  * fixed: New Groups tab in NNTP subscribe dialog id not work as
    expected (bmo#1848366)
  * fixed: Negative values were allowed in "Share for files
    larger than" field (bmo#1850281)
  * fixed: Thunderbird sometimes crashed when deleting a parent
    folder with subfolders (bmo#1851293)
  * fixed: "Send Message Error" appeared intermittently while
    Thunderbird was idle (bmo#1801668)
  * fixed: Focused but not selected messages were missing visual
    indication of focus in card view (bmo#1844263)
  * fixed: Notification dot did not disappear from taskbar icon
    on Windows after messages had already been read (bmo#1824889)
  * fixed: Multiple selected messages could not be opened
    simultaneously if selection included more than 19 messages
    (bmo#1851563)
  * fixed: Email replies received via BCC incorrectly populated
    From field with default identity (bmo#1851512)
  * fixed: User was not always notified of message send failures
    in outbox (bmo#1851542)
  * fixed: Tag dialog did not close properly after editing tag
    (bmo#1852414)
  * fixed: Newsgroup field in compose window did not autocomplete
    with suggested newsgroup names (bmo#1670457)
  * fixed: Canceling newsgroup messages did not check if sender
    matched user's own identity (bmo#1823274)
  * fixed: Event dialog with several invitees expanded beyond
    screen height (bmo#1848261)
  * fixed: Message check boxes were partially obstructed in
    message list (bmo#1850760)
  * unresolved: Some folders missing from Unified Folders ()
-------------------------------------------------------------------
Wed Sep 13 07:04:14 UTC 2023 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 115.2.2
  * fixed: Security fixes
  MFSA 2023-40 (bsc#1215245)
  * CVE-2023-4863
    (https://bugs.chromium.org/p/chromium/issues/detail?id=1479274,
    bmo#1852649)
    Heap buffer overflow in libwebp
- Mozilla Thunderbird 115.2.1
  * new: Column separators are now shown between all columns in
    tree view (bmo#1847441)
  * fixed: Crash reporter did not work in Thunderbird Flatpak
    (bmo#1843102)
  * fixed: New mail notification always opened message in message
    pane, even if pane was disabled (bmo#1840092)
  * fixed: After moving an IMAP message to another folder, the
    incorrect message was selected in the message list
    (bmo#1845376)
  * fixed: Adding a tag to an IMAP message opened in a tab failed
    (bmo#1844452)
  * fixed: Junk/Spam folders were not always shown in Unified
    Folders mode (bmo#1838672)
  * fixed: Middle-clicking a folder or message did not open it in
    a background tab, as in previous versions (bmo#1842482)
  * fixed: Settings tab visual improvements: Advanced Fonts
    dialog, Section headers hidden behind search box
    (bmo#1717382,bmo#1846751)
  * fixed: Various visual and style fixes
    (bmo#1843707,bmo#1849823)
- Mozilla Thunderbird 115.2
  * new: Thunderbird MSIX packages are now published on
    archive.mozilla.org (bmo#1817657)
  * changed: Size, Unread, and Total columns are now right-
    aligned (bmo#1848604)
  * changed: Newsgroup names in message list header are now
    abbreviated (bmo#1833298)
  * fixed: Message compose window did not apply theme colors to
    menus (bmo#1845699)
  * fixed: Reading the second new message in a folder cleared the
    unread indicator of all other new messages (bmo#1839805)
  * fixed: Displayed counts of unread or flagged messages could
    become out-of-sync (bmo#1846860)
  * fixed: Deleting a message from the context menu with messages
    sorted in chronological order and smooth scroll enabled
    caused message list to scroll to top (bmo#1843462)
  * fixed: Repeatedly switching accounts in Subscribe dialog
    caused tree view to stop updating (bmo#1845593)
  * fixed: "Ignore thread" caused message cards to display
    incorrectly in message list (bmo#1847966)
  * fixed: Creating tags from unified toolbar failed
    (bmo#1846336)
  * fixed: Cross-folder navigation using F and N did not work
    (bmo#1845011)
  * fixed: Account Manager did not resize to fit content, causing
    "Close" button to become hidden outside bounds of dialog when
    too many accounts were listed (bmo#1847555)
  * fixed: Remote content exceptions could not be added in
    Settings (bmo#1847576)
  * fixed: Newsgroup list file did not get updated after adding a
    new NNTP server (bmo#1845464)
  * fixed: "Download all headers" option in NNTP "Download
    Headers" dialog was incorrectly selected by default
    (bmo#1845457)
  * fixed: "Convert to event/task" was missing from mail context
    menu (bmo#1817705)
  * fixed: Events and tasks were not shown in some cases despite
    being present on remote server (bmo#1827100)
  * fixed: Various visual and UX improvements
    (bmo#1844244,bmo#1845645)
  * fixed: Security fixes
  MFSA 2023-38 (bsc#1214606)
  * CVE-2023-4573 (bmo#1846687)
    Memory corruption in IPC CanvasTranslator
  * CVE-2023-4574 (bmo#1846688)
    Memory corruption in IPC ColorPickerShownCallback
  * CVE-2023-4575 (bmo#1846689)
    Memory corruption in IPC FilePickerShownCallback
  * CVE-2023-4576 (bmo#1846694)
    Integer Overflow in RecordedSourceSurfaceCreation
  * CVE-2023-4577 (bmo#1847397)
    Memory corruption in JIT UpdateRegExpStatics
  * CVE-2023-4051 (bmo#1821884)
    Full screen notification obscured by file open dialog
  * CVE-2023-4578 (bmo#1839007)
    Error reporting methods in SpiderMonkey could have triggered
    an Out of Memory Exception
  * CVE-2023-4053 (bmo#1839079)
    Full screen notification obscured by external program
  * CVE-2023-4580 (bmo#1843046)
    Push notifications saved to disk unencrypted
  * CVE-2023-4581 (bmo#1843758)
    XLL file extensions were downloadable without warnings
  * CVE-2023-4582 (bmo#1773874)
    Buffer Overflow in WebGL glGetProgramiv
  * CVE-2023-4583 (bmo#1842030)
    Browsing Context potentially not cleared when closing Private
    Window
  * CVE-2023-4584 (bmo#1843968, bmo#1845205, bmo#1846080,
    bmo#1846526, bmo#1847529)
    Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15,
    Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2
  * CVE-2023-4585 (bmo#1751583, bmo#1833504, bmo#1841082,
    bmo#1847904, bmo#1848999)
    Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2,
    and Thunderbird 115.2
-------------------------------------------------------------------
Thu Aug 17 07:59:34 UTC 2023 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 115.1.1
  * fixed: Some HTML emails printed headers on first page and
    message on subsequent pages (bmo#1843628)
  * fixed: Deleting messages from message list sometimes scrolled
    list to bottom, selecting bottommost message (bmo#1835173)
  * fixed: Width of icon columns (like Junk or Starred) in
    message list did not adjust when UI density was changed
    (bmo#1843014)
  * fixed: Old OpenPGP secret keys could not be used to decrypt
    messages under certain circumstances (bmo#1835786)
  * fixed: When multiple folder modes were active, tab focus
    navigated through all folder mode options before reaching
    message list (bmo#1842060)
  * fixed: Unread message count badge was not displayed on parent
    folders of subfolder containing unread messages (bmo#1844534)
  * fixed: "Undo archive" (via Ctrl-Z) did not un-archive
    previously archived messages (bmo#1829340)
  * fixed: "New" button dropdown menu in "Message Filters" dialog
    could not be opened via keyboard navigation (bmo#1843511)
  * fixed: "Show New Mail Alert for" input field in "Customize
    New Mail Alert" dialog had zero width when using certain
    language packs (bmo#1845832)
  * fixed: "Account Wizard" dialog was too narrow when adding a
    news server, partially hiding confirmation buttons
    (bmo#1846588)
  * fixed: Link Properties and Image Properties dialogs in the
    composer were too wide (bmo#1816850)
  * fixed: Thunderbird version number and details in "About"
    dialog were not automatically read by screen readers when
    first opening dialog (bmo#1847078)
  * fixed: Flatpak improvements and bug fixes
    (bmo#1825399,bmo#1843094,bmo#1843097)
  * fixed: Various visual and UX improvements (bmo#1846262)
-------------------------------------------------------------------
Wed Aug  2 07:02:11 UTC 2023 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 115.1.0
  * changed: Quick Filter bar is now hidden by default
    (bmo#1835685)
  * changed: Mail tab toolbar and Unified toolbar heights
    adjusted to be more consistent (bmo#1843804,bmo#1845500)
  * fixed: Message-ID header used account domain instead of
    "From" field domain (bmo#1727181)
  * fixed: Zooming did not work in multi-message view
    (bmo#1839006)
  * fixed: "Clear Recent History" dialog did not resize correctly
    to fit content (bmo#1843233)
  * fixed: Tooltip containing full message title did not appear
    when hovering over message in card view (bmo#1843188)
  * fixed: Message List column headers became transparent in
    increased contrast mode (bmo#1842893)
  * fixed: Message List card padding was incorrect in compact
    view (bmo#1843480)
  * fixed: Total message counts and folder sizes were also hidden
    when "Hide Local Folders" was selected in Folder Pane options
    (bmo#1843135)
  * fixed: Messages in deeply nested IMAP folders were
    inaccessible (bmo#1843637)
  * fixed: Thunderbird Flatpak could not be executed from
    terminal using command "thunderbird" (bmo#1843051)
  * fixed: CardDAV address book dialog did not resize properly to
    show all available address books (bmo#1836214)
  * fixed: Various visual and style fixes
    (bmo#1843459,bmo#1844763,bmo#1838519)
  MFSA 2023-33 (bsc#1213746)
  * CVE-2023-4045 (bmo#1833876)
    Offscreen Canvas could have bypassed cross-origin
    restrictions
  * CVE-2023-4046 (bmo#1837686)
    Incorrect value used during WASM compilation
  * CVE-2023-4047 (bmo#1839073)
    Potential permissions request bypass via clickjacking
  * CVE-2023-4048 (bmo#1841368)
    Crash in DOMParser due to out-of-memory conditions
  * CVE-2023-4049 (bmo#1842658)
    Fix potential race conditions when releasing platform objects
  * CVE-2023-4050 (bmo#1843038)
    Stack buffer overflow in StorageManager
  * CVE-2023-4052 (bmo#1824420)
    File deletion and privilege escalation through Firefox
    uninstaller
  * CVE-2023-4054 (bmo#1840777)
    Lack of warning when opening appref-ms files
  * CVE-2023-4055 (bmo#1782561)
    Cookie jar overflow caused unexpected cookie jar state
  * CVE-2023-4056 (bmo#1820587, bmo#1824634, bmo#1839235,
    bmo#1842325, bmo#1843847)
    Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1,
    Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14
  * CVE-2023-4057 (bmo#1841682)
    Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1,
    and Thunderbird 115.1
- Remove now upstreamed patch mozilla-bmo1775202.patch 
-------------------------------------------------------------------
Wed Jul 26 12:42:48 UTC 2023 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Remove bashisms from startup-script (bsc#1213657)
-------------------------------------------------------------------
Tue Jul 25 06:42:54 UTC 2023 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 115.0.1
  * changed: Added Thunderbird Supernova branding to about:dialog
    (bmo#1842102)
  * fixed: Message list was not updated when message was deleted
    from server outside of Thunderbird (bmo#1837041)
  * fixed: Scrolling behaved unexpectedly when moving to next
    message unread message in another folder (bmo#1841711)
  * fixed: Scrolling animation was unnecessarily used when
    switching or toggling the sort column in message list
    (bmo#1838522)
  * fixed: Attempting to delete a message and then cancelling the
    action still marked the message as read (bmo#793353)
  * fixed: Unified Toolbar could not be customized under certain
    tabs (bmo#1841480)
  * fixed: Selecting a folder with one or more subfolders and
    pressing enter did not expand folder (bmo#1841200)
  * fixed: Tooltips did not appear when hovering over folders
    (bmo#1839780)
  * fixed: Deleting large amounts of messages from Trash folder
    consumed excessive time and memory (bmo#1833665)
  * fixed: Message Summary header buttons were not keyboard
    accessible (bmo#1827199)
  * fixed: "New" button in Message Filters dialog was not
    keyboard accessible (bmo#1841477)
  * fixed: Backing up secret keys from OpenPGP Key Manager dialog
    silently failed (bmo#1839415)
  * fixed: Various visual and UX improvements
    (bmo#1843172,bmo#1831422,bmo#1838360,bmo#1842319)
  * fixed: Security fixes
  MFSA 2023-27 (bsc#1212438)
  * CVE-2023-3600 (bmo#1839703)
    Use-after-free in workers
  * CVE-2023-3417 (bmo#1835582)
    File Extension Spoofing using the Text Direction Override
    Character
- Remove obsolete patches mozilla-bmo1568145.patch, mozilla-bmo1005535.patch,
   mozilla-s390x-skia-gradient.patch
-------------------------------------------------------------------
Mon Jun 12 11:56:58 UTC 2023 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 102.12
  * fixed: "Searching the directory for recipients certificates"
    popup could block compose window when "S/MIME reminder" was
    enabled and using an LDAP address book (bmo#1833651)
  * fixed: Some elements still used animations with "prefers-
    reduced-motion" set (bmo#1833353)
  * fixed: Visual and theme improvements
    (bmo#1832943,bmo#1832990)
  * fixed: Security fixes
  MFSA 2023-21 (bsc#1211922)
  * CVE-2023-34414 (bmo#1695986)
    Click-jacking certificate exceptions through rendering lag
  * CVE-2023-34416 (bmo#1752703, bmo#1818394, bmo#1826875,
    bmo#1827340, bmo#1827655, bmo#1828065, bmo#1830190,
    bmo#1830206, bmo#1830795, bmo#1833339)
    Memory safety bugs fixed in Thunderbird 102.12
-------------------------------------------------------------------
Tue May 30 09:46:33 UTC 2023 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 102.11.2
  * fixed: Thunderbird 102.11.1 contained POP3 client regressions
    with offline mode and TLS certificate overrides
    (bmo#1801286,bmo#1816596,bmo#1798785)
- Mozilla Thunderbird 102.11.1
  * fixed: POP message retrieval stopped after a network error
    occurred and connectivity was restored (bmo#1798785)
  * fixed: Reused SMTP connections sometimes silently
    disconnected, causing timeouts (bmo#1766382)
  * fixed: Thunderbird could freeze if saving a sent message to
    IMAP failed (bmo#1745130)
  * fixed: Creating OpenPGP keys with no expiration was not
    possible (bmo#1830094)
  * fixed: News reader did not always issue GROUP command after
    authentication with remote server, preventing Thundebird from
    displaying or refreshing news from the server (bmo#1824377)
- Update keyring
-------------------------------------------------------------------
Thu May 11 09:06:07 UTC 2023 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 102.11
  * fixed: During Account Setup, the "Checking password..."
    message was not removed after a failure (bmo#1826022)
  * fixed: Miscellaneous UI fixes (bmo#1827070)
  * fixed: Security fixes
  MFSA 2023-18 (bsc#1211175)
  * CVE-2023-32205 (bmo#1753339, bmo#1753341)
    Browser prompts could have been obscured by popups
  * CVE-2023-32206 (bmo#1824892)
    Crash in RLBox Expat driver
  * CVE-2023-32207 (bmo#1826116)
    Potential permissions request bypass via clickjacking
  * CVE-2023-32211 (bmo#1823379)
    Content process crash due to invalid wasm code
  * CVE-2023-32212 (bmo#1826622)
    Potential spoof due to obscured address bar
  * CVE-2023-32213 (bmo#1826666)
    Potential memory corruption in FileReader::DoReadData()
  * CVE-2023-32214 (bmo#1828716)
    Potential DoS via exposed protocol handlers
  * CVE-2023-32215 (bmo#1540883, bmo#1751943, bmo#1814856,
    bmo#1820210, bmo#1821480, bmo#1827019, bmo#1827024,
    bmo#1827144, bmo#1827359, bmo#1830186)
    Memory safety bugs fixed in Thunderbird 102.11
-------------------------------------------------------------------
Wed Apr 26 09:50:04 UTC 2023 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 102.10.1
  * fixed: Messages with missing or corrupt "From:" header did
    not display message header buttons (bmo#1793918)
  * fixed: Composer repeatedly prompted for S/MIME smartcard
    signing/encryption password (bmo#1828366)
  * fixed: Address Book integration did not work with macOS 11.4
    Bug Sur (bmo#1720257)
  * fixed: Mexico City DST fix in Thunderbird 102.10.0 (bug
    1826146) was incomplete (bmo#1827503)
- Mozilla Thunderbird 102.10
  * changed: New messages will automatically select S/MIME if
    configured and OpenPGP is not (bmo#1793278)
  * fixed: Calendar events with timezone America/Mexico_City
    incorrectly applied Daylight Savings Time (bmo#1826146)
  * fixed: Security fixes
  MFSA 2023-15 (bsc#1210212)
  * CVE-2023-29531 (bmo#1794292)
    Out-of-bound memory access in WebGL on macOS
  * CVE-2023-29532 (bmo#1806394)
    Mozilla Maintenance Service Write-lock bypass
  * CVE-2023-29533 (bmo#1798219, bmo#1814597)
    Fullscreen notification obscured
  * CVE-2023-1999 (bmo#1819244)
    Double-free in libwebp
  * CVE-2023-29535 (bmo#1820543)
    Potential Memory Corruption following Garbage Collector
    compaction
  * CVE-2023-29536 (bmo#1821959)
    Invalid free from JavaScript code
  * CVE-2023-0547 (bmo#1811298)
    Revocation status of S/Mime recipient certificates was not
    checked
  * CVE-2023-29479 (bmo#1824978)
    Hang when processing certain OpenPGP messages
  * CVE-2023-29539 (bmo#1784348)
    Content-Disposition filename truncation leads to Reflected
    File Download
  * CVE-2023-29541 (bmo#1810191)
    Files with malicious extensions could have been downloaded
    unsafely on Linux
  * CVE-2023-29542 (bmo#1810793, bmo#1815062)
    Bypass of file download extension restrictions
  * CVE-2023-29545 (bmo#1823077)
    Windows Save As dialog resolved environment variables
  * CVE-2023-1945 (bmo#1777588)
    Memory Corruption in Safe Browsing Code
  * CVE-2023-29548 (bmo#1822754)
    Incorrect optimization result on ARM64
  * CVE-2023-29550 (bmo#1720594, bmo#1751945, bmo#1812498,
    bmo#1814217, bmo#1818357, bmo#1818762, bmo#1819493,
    bmo#1820389, bmo#1820602, bmo#1821448, bmo#1822413,
    bmo#1824828)
    Memory safety bugs fixed in Thunderbird 102.10
-------------------------------------------------------------------
Thu Mar 30 10:36:35 UTC 2023 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 102.9.1
  * fixed: Thunderbird was unable to open file URLs from command
    line (URLs beginning with "file://") (bmo#1816343)
  * fixed: Source strings for localized builds not uploaded to
    FTP as expected (bmo#1817086)
  * fixed: Visual and theme improvements
    (bmo#1821358,bmo#1822286)
  * fixed: Security fixes
  MFSA 2023-12 (bsc#1209953)
  * CVE-2023-28427 (bmo#1822595)
    Matrix SDK bundled with Thunderbird vulnerable to denial-of-
    service attack
-------------------------------------------------------------------
Mon Mar 20 09:46:16 UTC 2023 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 102.9
  * fixed: Notification about a sender's changed OpenPGP key was
    not immediately visible (bmo#1814003)
  * fixed: TLS Certificate Override dialog did not appear when
    retrieving messages via IMAP using "Get Messages" context
    menu (bmo#1816596)
  * fixed: Spellcheck dictionaries were missing from localized
    Thunderbird builds that should have included them
    (bmo#1818257)
  * fixed: Tooltips for "Show/Hide" calendar toggle did not
    display (bmo#1809557)
  * fixed: Various security fixes
  MFSA 2023-11 (bsc#1209173)
  * CVE-2023-25751 (bmo#1814899)
    Incorrect code generation during JIT compilation
  * CVE-2023-28164 (bmo#1809122)
    URL being dragged from a removed cross-origin iframe into the
    same tab triggered navigation
  * CVE-2023-28162 (bmo#1811327)
    Invalid downcast in Worklets
  * CVE-2023-25752 (bmo#1811627)
    Potential out-of-bounds when accessing throttled streams
  * CVE-2023-28163 (bmo#1817768)
    Windows Save As dialog resolved environment variables
  * CVE-2023-28176 (bmo#1808352, bmo#1811637, bmo#1815904,
    bmo#1817442, bmo#1818674)
    Memory safety bugs fixed in Thunderbird 102.9
-------------------------------------------------------------------
Thu Feb 16 09:20:54 UTC 2023 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 102.8.0
  * new: Added option to build RNP library with OpenSSL backend
    (use "--with-librnp-backend=openssl" configure option)
    (bmo#1799123,bmo#1805215)
  * changed: Thunderbird now warns user that OpenPGP is disabled
    if RNP library is outdated or missing (bmo#1799874)
  * fixed: "Get Messages" did not retrieve messages from Gmail
    accounts using a local folder as a deferred inbox
    (bmo#1799106)
  * fixed: Various visual and UX improvements
    (bmo#1777788,bmo#1790278)
  * unresolved: Source strings for localized builds not uploaded
    to FTP as expected (bmo#1817086)
  * fixed: Various security fixes
  MFSA 2023-07 (bsc#1208144)
  * CVE-2023-0616 (bmo#1806507)
    User Interface lockup with messages combining S/MIME and
    OpenPGP
  * CVE-2023-25728 (bmo#1790345)
    Content security policy leak in violation reports using
    iframes
  * CVE-2023-25730 (bmo#1794622)
    Screen hijack via browser fullscreen mode
  * CVE-2023-0767 (bmo#1804640)
    Arbitrary memory write via PKCS 12 in NSS
  * CVE-2023-25735 (bmo#1810711)
    Potential use-after-free from compartment mismatch in
    SpiderMonkey
  * CVE-2023-25737 (bmo#1811464)
    Invalid downcast in SVGUtils::SetupStrokeGeometry
  * CVE-2023-25738 (bmo#1811852)
    Printing on Windows could potentially crash Thunderbird with
    some device drivers
  * CVE-2023-25739 (bmo#1811939)
    Use-after-free in
    mozilla::dom::ScriptLoadContext::~ScriptLoadContext
  * CVE-2023-25729 (bmo#1792138)
    Extensions could have opened external schemes without user
    knowledge
  * CVE-2023-25732 (bmo#1804564)
    Out of bounds memory write from EncodeInputStream
  * CVE-2023-25734 (bmo#1784451, bmo#1809923, bmo#1810143,
    bmo#1812338)
    Opening local .url files could cause unexpected network loads
  * CVE-2023-25742 (bmo#1813424)
    Web Crypto ImportKey crashes tab
  * CVE-2023-25746 (bmo#1544127, bmo#1762368, bmo#1789449,
    bmo#1803628, bmo#1810536)
    Memory safety bugs fixed in Thunderbird 102.8
-------------------------------------------------------------------
Wed Feb  8 09:53:35 UTC 2023 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 102.7.2
  * fixed: Various crash fixes (bmo#1806245,bmo#1806247)
-------------------------------------------------------------------
Fri Jan 20 08:32:08 UTC 2023 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 102.7.1
  * fixed: Microsoft Office 365 accounts were unable to
    authenticate (bmo#1810760)
  * fixed: Switching identities caused remote images in HTML
    signatures to not be shown (bmo#1807200)
  * fixed: Thunderbird failed to import vCards that contained
    "\r\r\n" line endings (bmo#1800305)
  * fixed: Contribution button for add-ons opened Contribution
    page in a Thunderbird tab, instead of the external browser
    (bmo#1805808)
  * fixed: XMPP did not respond to unrecognized IQ queries,
    causing some servers to close the connection (bmo#1806630)
  * fixed: Window titlebar buttons (minimize/maximize/close) were
    not displayed in Windows 10 "Dark" color mode (bmo#1810961)
  * fixed: Various security fixes
  MFSA 2023-04 (bsc#1207119)
  * CVE-2023-0430 (bmo#1769000)
    Revocation status of S/Mime signature certificates was not
    checked
- Mozilla Thunderbird 102.7
  * new: Enterprise policies now support Thunderbird-specific
    preferences (bmo#1791637)
  * fixed: Localized builds and langpacks now use "comm-l10n"
    repository; downstream builds using official langpacks should
    not need to make changes
    (bmo#1765629,bmo#1766080,bmo#1801150,bmo#1807161)
  * fixed: Having too many folders open at startup caused loss of
    MSF files (bmo#1800202)
  * fixed: Copying an email from one local folder to another
    local folder sometimes caused "Another Operation is using the
    folder" error on Windows 7 (bmo#1792071)
  * fixed: Email address pill allowed for incorrectly formatted
    email addresses (bmo#1799390)
  * fixed: Creating security exceptions for messages sent using a
    self-signed certificate failed if hostname contained
    uppercase letters (bmo#1735803)
  * fixed: S/MIME certificate verification was prohibitively slow
    (bmo#1791130)
  * fixed: OpenPGP key import failed for key blocks with comments
    that contain Unicode characters (bmo#1721668)
  * fixed: Chat conversation sidebar was too wide under certain
    circumstances, making scrollbar unusable (bmo#1801645)
  * fixed: On Mac, deleting events from Today Pane with
    "Backspace" key deleted selected messages instead
    (bmo#1763468)
  * fixed: Various security fixes
  * unresolved: OAuth2 authentication not working for Microsoft
    365 Enterprise accounts. See the Blog post for additional information.
    (bmo#1810760)
  MFSA 2023-03 (bsc#1207119)
  * CVE-2022-46871 (bmo#1795697)
    libusrsctp library out of date
  * CVE-2023-23598 (bmo#1800425)
    Arbitrary file read from GTK drag and drop on Linux
  * CVE-2023-23599 (bmo#1777800)
    Malicious command could be hidden in devtools output on
    Windows
  * CVE-2023-23601 (bmo#1794268)
    URL being dragged from cross-origin iframe into same tab
    triggers navigation
  * CVE-2023-23602 (bmo#1800890)
    Content Security Policy wasn't being correctly applied to
    WebSockets in WebWorkers
  * CVE-2022-46877 (bmo#1795139)
    Fullscreen notification bypass
  * CVE-2023-23603 (bmo#1800832)
    Calls to <code>console.log</code> allowed bypasing Content
    Security Policy via format directive
  * CVE-2023-23605 (bmo#1764921, bmo#1802690, bmo#1806974)
    Memory safety bugs fixed in Thunderbird 102.7
  
-------------------------------------------------------------------
Fri Dec 23 07:56:41 UTC 2022 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 102.6.1
  * fixed: Remote content did not load in user-defined signatures
    (bmo#1803942)
  * fixed: Addons that added new action buttons were not shown
    for addon upgrades, requiring removal and reinstall
    (bmo#1793430)
  * fixed: Various stability improvements
    (bmo#1798181,bmo#1797616)
  * fixed: Security fix
  MFSA 2022-53 (bsc#1206653)
  * CVE-2022-46874 (bmo#1746139)
    Drag and Dropped Filenames could have been truncated to
    malicious extensions
-------------------------------------------------------------------
Tue Dec 13 15:25:59 UTC 2022 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 102.6
  * fixed: Importing secret OpenPGP keys failed when public key
    with public subkey was already present (bmo#1795698)
  * fixed: Message index files were incorrectly deleted when too
    many folders were opened (bmo#1787609)
  * fixed: Thunderbird sometimes incorrectly formatted synced
    vCards (bmo#1792542)
  * fixed: Recurring events did not display past a certain number
    of repetitions (bmo#1789437)
  * fixed: Cookies deleted from the "Show Cookies" dialog were
    not actually deleted (bmo#1803795)
  * fixed: Paused RSS feeds did not actually pause updates
    (bmo#1789120)
  * fixed: Various visual and UX improvements
    (bmo#1800189,bmo#1800537,bmo#1801080)
  MFSA 2022-52 (bsc#1206242)
  * CVE-2022-46880 (bmo#1749292)
    Use-after-free in WebGL
  * CVE-2022-46872 (bmo#1799156)
    Arbitrary file read from a compromised content process
  * CVE-2022-46881 (bmo#1770930)
    Memory corruption in WebGL
  * CVE-2022-46874 (bmo#1746139)
    Drag and Dropped Filenames could have been truncated to
    malicious extensions
  * CVE-2022-46875 (bmo#1786188)
    Download Protections were bypassed by .atloc and .ftploc
    files on Mac OS
  * CVE-2022-46882 (bmo#1789371)
    Use-after-free in WebGL
  * CVE-2022-46878 (bmo#1782219, bmo#1797370, bmo#1797685,
    bmo#1801102, bmo#1801315, bmo#1802395)
    Memory safety bugs fixed in Thunderbird 102.6
-------------------------------------------------------------------
Fri Dec  2 10:14:50 UTC 2022 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 102.5.1
  * changed: Mail extension API updates. See Mail Extension API
    Docs.
  * fixed: "Copy to <folder> again" menu item was not present
    after copying message to folder with Unicode name on Unicode-
    enabled IMAP server (bmo#1798172)
  * fixed: Calendar date picker was displayed behind "Send Later"
    window (bmo#1791537)
  * fixed: Various security fixes
  MFSA 2022-50 (bsc#1205941)
  * CVE-2022-45414 (bmo#1788096)
    Quoting from an HTML email with certain tags will trigger
    network requests and load remote content, regardless of a
    configuration to block remote content
-------------------------------------------------------------------
Wed Nov 16 09:04:26 UTC 2022 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 102.5
  * changed: `Ctrl+N` shortcut to create new contacts from
    address book restored (bmo#1751288)
  * fixed: Account Settings UI did not update to reflect default
    identity changes (bmo#1782646)
  * fixed: New POP mail notifications were incorrectly shown for
    messages marked by filters as read or junk (bmo#1787531)
  * fixed: Connecting to an IMAP server configured to use
    `PREAUTH` caused Thunderbird to hang (bmo#1798161)
  * fixed: Error responses received in greeting header from NNTP
    servers did not display error message (bmo#1792281)
  * fixed: News messages sent using "Send Later" failed to send
    after going back online (bmo#1794997)
  * fixed: "Download/Sync Now..." did not completely sync all
    newsgroups before going offline (bmo#1795547)
  * fixed: Username was missing from error dialog on failed login
    to news server (bmo#1796964)
  * fixed: Thunderbird can now fetch RSS channel feeds with
    incomplete channel URL (bmo#1794775)
  * fixed: Add-on "Contribute" button in Add-ons Manager did not
    work (bmo#1795751)
  * fixed: Help text for `/part` Matrix command was incorrect
    (bmo#1795578)
  * fixed: Invite Attendees dialog did not fetch free/busy info
    for attendees with encoded characters in their name
    (bmo#1797927)
  * fixed: Various security fixes
  MFSA 2022-49 (bsc#1205270)
  * CVE-2022-45403 (bmo#1762078)
    Service Workers might have learned size of cross-origin media
    files
  * CVE-2022-45404 (bmo#1790815)
    Fullscreen notification bypass
  * CVE-2022-45405 (bmo#1791314)
    Use-after-free in InputStream implementation
  * CVE-2022-45406 (bmo#1791975)
    Use-after-free of a JavaScript Realm
  * CVE-2022-45408 (bmo#1793829)
    Fullscreen notification bypass via windowName
  * CVE-2022-45409 (bmo#1796901)
    Use-after-free in Garbage Collection
  * CVE-2022-45410 (bmo#1658869)
    ServiceWorker-intercepted requests bypassed SameSite cookie
    policy
  * CVE-2022-45411 (bmo#1790311)
    Cross-Site Tracing was possible via non-standard override
    headers
  * CVE-2022-45412 (bmo#1791029)
    Symlinks may resolve to partially uninitialized buffers
  * CVE-2022-45416 (bmo#1793676)
    Keystroke Side-Channel Leakage
  * CVE-2022-45418 (bmo#1795815)
    Custom mouse cursor could have been drawn over browser UI
  * CVE-2022-45420 (bmo#1792643)
    Iframe contents could be rendered outside the iframe
  * CVE-2022-45421 (bmo#1767920, bmo#1789808, bmo#1794061)
    Memory safety bugs fixed in Thunderbird 102.5
-------------------------------------------------------------------
Fri Nov  4 07:46:16 UTC 2022 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 102.4.2
  * changed: "Address Book" button in Account Central will now
    create a CardDAV address book instead of a local address book
    (bmo#1793903)
  * fixed: Messages fetched from POP server in `Fetch headers
    only` mode disappeared when moved to different folder by
    filter action (bmo#1793374)
  * fixed: Thunderbird re-downloaded locally deleted messages
    from a POP server when "Leave messages on server" and "Until
    I delete them" were enabled (bmo#1796903)
  * fixed: Multiple password prompts for the same POP account
    could be displayed (bmo#1786920)
  * fixed: IMAP authentication failed on next startup if ImapMail
    folder was deleted by user (bmo#1793599)
  * fixed: Retrieving passwords for authenticated NNTP accounts
    could fail due to obsolete preferences in a users profile on
    every startup (bmo#1770594)
  * fixed: `Get Next n Messages` did not consistently fetch all
    messages requested from NNTP server (bmo#1794185)
  * fixed: `Get Messages` button unable to fetch messages from
    NNTP server if root folder not selected (bmo#1792362)
  * fixed: Thunderbird text branding did not always match locale
    of localized build (bmo#1786199)
  * fixed: Thunderbird installer and Thunderbird updater created
    Windows shortcuts with different names (bmo#1787264)
  * fixed: LDAP search filters unable to work with non-ASCII
    characters (bmo#1794306)
  * fixed: "Today" highlighting in Calendar Month view did not
    update after date change at midnight (bmo#1795176)
-------------------------------------------------------------------
Wed Nov  2 14:49:40 UTC 2022 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 102.4.1
  * new: Thunderbird will now catch and report errors parsing
    vCards that contain incorrectly formatted dates (bmo#1793415)
  * fixed: Dynamic language switching did not update interface
    when switched to right-to-left languages (bmo#1794289)
  * fixed: Custom header data was discarded after messages were
    saved as draft and reopened (bmo#195716)
  * fixed: `-remote` command line argument did not work,
    affecting integration with various applications such as
    LibreOffice (bmo#1793323)
  * fixed: Messages received via some SMS-to-email services could
    not display images (bmo#1774805)
  * fixed: VCards with nickname field set could not be edited
    (bmo#1793877)
  * fixed: Some recurring events were missing from Agenda on
    first load (bmo#1771168)
  * fixed: Download requests for remote ICS calendars incorrectly
    set "Accept" header to text/xml (bmo#1793757)
  * fixed: Monthly events created on the 31st of a month with <30
    days placed first occurrence 1-2 days after the beginning of
    the following month (bmo#1266797)
  * fixed: Various visual and UX improvements
    (bmo#1781437,bmo#1785314,bmo#1794139,bmo#1794155,bmo#1794399)
-------------------------------------------------------------------
Tue Oct 18 09:13:16 UTC 2022 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 102.4.0
  * changed: Thunderbird will automatically detect and repair
    OpenPGP key storage corruption caused by using the profile
    import tool in Thunderbird 102 (bmo#1790610)
  * fixed: POP message download into a large folder (~13000
    messages) caused Thunderbird to temporarily freeze
    (bmo#1792675)
  * fixed: Forwarding messages with special characters in Subject
    failed on Windows (bmo#1782173)
  * fixed: Links for FileLink attachments were not added when
    attachment filename contained Unicode characters
    (bmo#1789589)
  * fixed: Address Book display pane continued to show contacts
    after deletion (bmo#1777808)
  * fixed: Printing address book did not include all contact
    details (bmo#1782076)
  * fixed: CardDAV contacts without a Name property did not save
    to Google Contacts (bmo#1792101)
  * fixed: "Publish Calendar" did not work (bmo#1794471)
  * fixed: Calendar database storage improvements (bmo#1792124)
  * fixed: Incorrectly handled error responses from CalDAV
    servers sometimes caused events to disappear from calendar
    (bmo#1792923)
  * fixed: Various visual and UX improvements (bmo#1776093,bmo#17
    80040,bmo#1780425,bmo#1792876,bmo#1792872,bmo#1793466,bmo#179
    3543)
  * fixed: Various security fixes
  MFSA 2022-46 (bsc#1204421)
  * CVE-2022-42927 (bmo#1789128)
    Same-origin policy violation could have leaked cross-origin
    URLs
  * CVE-2022-42928 (bmo#1791520)
    Memory Corruption in JS Engine
  * CVE-2022-42929 (bmo#1789439)
    Denial of Service via window.print
  * CVE-2022-42932 (bmo#1789729, bmo#1791363, bmo#1792041)
    Memory safety bugs fixed in Thunderbird 102.4
- Rebase mozilla-silence-no-return-type.patch to apply with fuzz=0
- Added mozilla-partial-revert-1768632.patch to fix build on i586
- Mozilla Thunderbird 102.3.3
  * new: Option added to show containing address book for a
    contact when using `All Address Books` in vertical mode
    (bmo#1778871)
  * changed: Thunderbird will try to use POP NTLM authentication
    even if not advertised by server (bmo#1793349)
  * changed: Task List and Today Pane sidebars will no longer
    load when not visible (bmo#1788549)
  * fixed: Sending a message while a recipient pill was being
    modified did not save changes (bmo#1779785)
  * fixed: Nickname column was not available in horizontal view
    of Address Book (bmo#1778000)
  * fixed: Multiline organization values were displayed across
    two columns in horizontal view of Address Book (bmo#1777780)
  * fixed: Contact vCard fields with multiple values such as
    Categories were truncated when saved (bmo#1792399)
  * fixed: ICS calendar files with a `FREEBUSY` property could
    not be imported (bmo#1783441)
  * fixed: Thunderbird would hang if calendar event exceeded the
    year 2035 (bmo#1789999)
- Mozilla Thunderbird 102.3.2
  * changed: Thunderbird will try to use POP CRAM-MD5
    authentication even if not advertised by server (bmo#1789975)
  * fixed: Checking messages on POP3 accounts caused POP folder
    to lock if mail server was slow or non-responsive
    (bmo#1792451)
  * fixed: Newsgroups named with consecutive dots would not
    appear when refreshing list of newsgroups (bmo#1787789)
  * fixed: Sending news articles containing lines starting with
    dot were sometimes clipped (bmo#1787955)
  * fixed: CardDAV server sync silently failed if sync token
    expired (bmo#1791183)
  * fixed: Contacts from LDAP on macOS address books were not
    displayed (bmo#1791347)
  * fixed: Chat account input now accepts URIs for supported chat
    protocols (bmo#1776706)
  * fixed: Chat ScreenName field was not migrated to new address
    book (bmo#1789990)
  * fixed: Creating a New Event from the Today Pane used the
    currently selected day from the main calendar instead of from
    the Today Pane (bmo#1791203)
  * fixed: `New Event` button in Today Pane was incorrectly
    disabled sometimes (bmo#1792058)
  * fixed: Event reminder windows did not close after being
    dismissed or snoozed (bmo#1791228)
  * fixed: Improved performance of recurring event date
    calculation (bmo#1787677)
  * fixed: Quarterly calendar events on the last day of the month
    repeated one month early (bmo#1789362)
  * fixed: Thunderbird would hang if calendar event exceeded the
    year 2035 (bmo#1789999)
  * fixed: Whitespace in calendar events was incorrectly handled
    when upgrading from Thunderbird 91 to 102 (bmo#1790339)
  * fixed: Various visual and UX improvements (bmo#1755623,bmo#17
    83903,bmo#1785851,bmo#1786434,bmo#1787286,bmo#1788151,bmo#178
    9728,bmo#1790499)
- Mozilla Thunderbird 102.3.1
  * changed: Compose window encryption options now only appear
    for encryption technologies that have already been configured
    (bmo#1788988)
  * changed: Number of contacts in currently selected address
    book now displayed at bottom of Address Book list column
    (bmo#1745571)
  * fixed: Password prompt did not include server hostname for
    POP servers (bmo#1786920)
  * fixed: `Edit Contact` was missing from Contacts sidebar
    context menus (bmo#1771795)
  * fixed: Address Book contact lists cut off display of some
    characters, the result being unreadable (bmo#1780909)
  * fixed: Menu items for dark-themed alarm dialog were invisible
    on Windows 7 (bmo#1791738)
  * fixed: Various security fixes
  MFSA 2022-43 (bsc#1204411)
  * CVE-2022-39249 (bmo#1791765)
    Matrix SDK bundled with Thunderbird vulnerable to an
    impersonation attack by malicious server administrators
  * CVE-2022-39250 (bmo#1791765)
    Matrix SDK bundled with Thunderbird vulnerable to a device
    verification attack
  * CVE-2022-39251 (bmo#1791765)
    Matrix SDK bundled with Thunderbird vulnerable to an
    impersonation attack
  * CVE-2022-39236 (bmo#1791765)
    Matrix SDK bundled with Thunderbird vulnerable to a data
    corruption issue
- Mozilla Thunderbird 102.3
  * changed: Thunderbird will no longer attempt to import account
    passwords when importing from another Thunderbird profile in
    order to prevent profile corruption and permanent data loss.
    (bmo#1790605)
  * changed: Devtools performance profile will use Thunderbird
    presets instead of Web Developer presets (bmo#1785954)
  * fixed: Thunderbird startup performance improvements
    (bmo#1785967)
  * fixed: Saving email source and images failed
    (bmo#1777323,bmo#1778804)
  * fixed: Error message was shown repeatedly when temporary disk
    space was full (bmo#1788580)
  * fixed: Attaching OpenPGP keys without a set size to non-
    encrypted messages briefly displayed a size of zero bytes
    (bmo#1788952)
  * fixed: Global Search entry box initially contained
    "undefined" (bmo#1780963)
  * fixed: Delete from POP Server mail filter rule intermittently
    failed to trigger (bmo#1789418)
  * fixed: Connections to POP3 servers without UIDL support
    failed (bmo#1789314)
  * fixed: Pop accounts with "Fetch headers only" set downloaded
    complete messages if server did not advertise TOP capability
    (bmo#1789356)
  * fixed: "File -> New -> Address Book Contact" from Compose
    window did not work (bmo#1782418)
  * fixed: Attach "My vCard" option in compose window was not
    available (bmo#1787614)
  * fixed: Improved performance of matching a contact to an email
    address (bmo#1782725)
  * fixed: Address book only recognized a contact's first two
    email addresses (bmo#1777156)
  * fixed: Address book search and autocomplete failed if a
    contact vCard could not be parsed (bmo#1789793)
  * fixed: Downloading NNTP messages for offline use failed
    (bmo#1785773)
  * fixed: NNTP client became stuck when connecting to Public-
    Inbox servers (bmo#1786203)
  * fixed: Various visual and UX improvements
    (bmo#1782235,bmo#1787448,bmo#1788725,bmo#1790324)
  * fixed: Various security fixes
  * unresolved: No dedicated "Department" field in address book
    (bmo#1777780)
  MFSA 2022-42 (bsc#1203477)
  * CVE-2022-3266 (bmo#1767360)
    Out of bounds read when decoding H264
  * CVE-2022-40959 (bmo#1782211)
    Bypassing FeaturePolicy restrictions on transient pages
  * CVE-2022-40960 (bmo#1787633)
    Data-race when parsing non-UTF-8 URLs in threads
  * CVE-2022-40958 (bmo#1779993)
    Bypassing Secure Context restriction for cookies with __Host
    and __Secure prefix
  * CVE-2022-40956 (bmo#1770094)
    Content-Security-Policy base-uri bypass
  * CVE-2022-40957 (bmo#1777604)
    Incoherent instruction cache when building WASM on ARM64
  * CVE-2022-3155 (bmo#1789061)
    Attachment files saved to disk on macOS could be executed
    without warning
  * CVE-2022-40962 (bmo#1776655, bmo#1777574, bmo#1784835,
    bmo#1785109, bmo#1786502, bmo#1789440)
    Memory safety bugs fixed in Thunderbird 102.3
-------------------------------------------------------------------
Thu Sep  8 12:53:02 UTC 2022 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 102.2.2
  * changed: Setting added to change Calendar event double-click
    action to open `Edit Event` dialog rather than view only; Set
    `calendar.events.defaultActionEdit` to `true`.
  * fixed: Running `Compact Folders` on maildir folders caused a
    redownload of all messages in the folder
  * fixed: Accessing mail folders in profiles with many folders
    was slow
  * fixed: SMTP servers were not always properly initialized, and
    were not listed in `Account Settings`
  * fixed: APOP authentication unsupported when connecting to
    POP3 server
  * fixed: OpenPGP key discovery failed
  * fixed: POP accounts hosted by AOL were not able to
    authenticate using OAuth2
  * fixed: Unable to open context menu in newsgroups header for
    groups that are not subscribed
-------------------------------------------------------------------
Thu Sep  1 07:53:35 UTC 2022 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 102.2.1
  * new: Commandline argument to open Calendar at startup added
    (`-calendar`)
  * changed: Buttons to connect automatically discovered Address
    Books and Calendar during `Account Setup` now displayed
  * fixed: Compacting IMAP folders failed when "Just mark as
    deleted" was set
  * fixed: Message threading status and sort order was not
    transferred when applying column layout to other folders
  * fixed: Folder names with half-width Kana characters were
    displayed incorrectly
  * fixed: Digital signing of messages was not disabled after
    switching to an identity that could not sign
  * fixed: POP message retrieval stopped after a network error
    occurred and connectivity was restored
  * fixed: Activity Manager didn't show "Get Messages" activity
    when "Leave messages on server" was turned off and no new
    messages were found
  * fixed: Mail quota color did not update properly for multiple
    accounts
  * fixed: Profile export failed if an expected file did not
    exist
  * fixed: `Check Spelling` dialog could exceed screen size when
    many dictionaries were available
  * fixed: Dragging a news message to the Desktop caused
    Thunderbird to hang when synchronized for offline use
  * fixed: `Remove All Expired Articles` was not displayed on
    expired NNTP messages
  * fixed: Sending messages to encrypted Matrix rooms failed in
    some cases
  * fixed: Adding a CalDAV calendar on BSD-based OS's failed due
    to DNS errors
  * fixed: Various visual and UX improvements
  * fixed: Various security fixes
  MFSA 2022-38 (bsc#1203007)
  * CVE-2022-3033 (bmo#1784838)
    Leaking of sensitive information when composing a response to
    an HTML email with a META refresh tag
  * CVE-2022-3032 (bmo#1783831)
    Remote content specified in an HTML document that was nested
    inside an iframe's srcdoc attribute was not blocked
  * CVE-2022-3034 (bmo#1745751)
    An iframe element in an HTML email could trigger a network
    request
  * CVE-2022-36059 (bmo#1787741)
    Matrix SDK bundled with Thunderbird vulnerable to denial-of-
    service attack
- Mozilla Thunderbird 102.2
  * new: Config setting added to disable OpenPGP "encryption is
    possible" reminder: `mail.openpgp.remind_encryption_possible`
  * changed: Thunderbird on macOS will now prompt for Primary
    Password on startup if set
  * changed: Thunderbird will no longer offer to import OpenPGP
    keys that are incomplete
  * changed: Selecting or unselecting a dictionary in the
    `Spelling` compose toolbar button will no longer immediately
    close the menu; Making dictionary changes via the editor
    context menu will continue to close the context menu
  * changed: Contact address lines are now adjusted to appear in
    the expected order
  * changed: Custom1-4 fields restored to Address Book UI;
    existing data is preserved from pre-102 profiles
  * fixed: Thunderbird startup performance improvements
  * fixed: `ALT+<numpad digits>` keypress events were intercepted
    by the Spaces Toolbar, preventing special character entry on
    Windows
  * fixed: Searching on attachment status did not work in Message
    Search dialog
  * fixed: Repairing IMAP folders in Offline mode removed local
    copy of the folders
  * fixed: POP3 message download progress bar was not displayed
  * fixed: POP `Fetch headers only` mode did not work for some
    server configurations
  * fixed: POP accounts using GSSAPI or NTLM authentication were
    not able to log into the server
  * fixed: A TLS certificate override dialog for self-signed
    certificates was not shown for IMAP accounts
  * fixed: Saving attachments from newsgroups did not work
  * fixed: Setting contact type to "None" was not possible if a
    type was previously set
  * fixed: Editing a contact without Name fields populated filled
    in the email address into the name fields
  * fixed: Address book toolbar buttons were not keyboard
    accessible
  * fixed: Auto-detection of CalDAV and CardDAV via DNS records
    used server domain leading to failures
  * fixed: Various visual and theme improvements
  * fixed: Various security fixes
  MFSA 2022-36 (bsc#1202645)
  * CVE-2022-38472 (bmo#1769155)
    Address bar spoofing via XSLT error handling
  * CVE-2022-38473 (bmo#1771685)
    Cross-origin XSLT Documents would have inherited the parent's
    permissions
  * CVE-2022-38476 (bmo#1760998)
    Data race and potential use-after-free in PK11_ChangePW
  * CVE-2022-38477 (bmo#1760611, bmo#1770219, bmo#1771159,
    bmo#1773363)
    Memory safety bugs fixed in Thunderbird 102.2
  * CVE-2022-38478 (bmo#1770630, bmo#1776658)
    Memory safety bugs fixed in Thunderbird 102.2, and
    Thunderbird 91.13
- Mozilla Thunderbird 102.1.2
  * fixed: The fix for bug 1777765 (no POP download progress bar)
    was backed out from this release to address broken POP
    message download with `Fetch headers only` selected in
    Account Settings (bug 1783552).
-------------------------------------------------------------------
Mon Aug  8 11:06:00 UTC 2022 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Add mozilla-bmo1775202.patch to fix build on ppc64le
- Mozilla Thunderbird 102.1.1
  * changed: OpenPGP Key Manager will clear selected keys after a
    deletion is performed
  * fixed: Update notification popups were still displayed after
    switching to another desktop workspace on Linux
  * fixed: macOS display issues made Thunderbird unusable
  * fixed: OpenPGP public key was not automatically attached
    after enabling encryption from reminder and default setting
    is "Do not encrypt"
  * fixed: Importing OpenPGP keys stored in binary format failed
  * fixed: Exporting an OpenPGP public key from Account Settings
    failed
  * fixed: Saving encrypted OpenPGP attachments created corrupt
    files
  * fixed: Receiving many OpenPGP keys in a single email caused
    Thunderbird to hang
  * fixed: POP3 message download progress bar was not displayed
  * fixed: OAuth2 authentication was not available when the mail
    domain did not match the OAuth provider domain
  * fixed: OAuth did not work with some POP servers
  * fixed: RSS feed URL links in headers panel could not be
    activated by keyboard
  * fixed: Self-signed TLS certificates did not work with POP3
    connections
  * fixed: Non-ascii characters in passwords did not work with
    POP3 connections
  * fixed: An error was not displayed when an incorrect password
    was entered for a POP3 account
  * fixed: NNTP articles were not displayed in preview pane when
    a Primary Password was set
  * fixed: NNTP articles did not download when the hostname of
    the server was not all in lower-case
  * fixed: Saving NNTP messages to local disk failed
  * fixed: Drag and Drop from Address Book into Compose window
    sometimes added unexpected contacts to the target
  * fixed: "Default" label not shown for emails when editing a
    contact
  * fixed: Contact Title, Role, and Organization fields could be
    displayed in the wrong order
  * fixed: Contact birthdays on February 29 were displayed
    incorrectly in non-leap years
  * fixed: Detection of photos in vCards improved
  * fixed: Drag and drop contacts to another address book was not
    available
  * fixed: Contacts stored in a Google CardDAV address book
    contained extra backslashes in text fields
  * fixed: Contacts without First/Last/Display Names appeared
    blank in contact list
  * fixed: Auto-attaching vCard and OpenPGP keys did not always
    work as expected
  * fixed: Settings page used caused excessive CPU usage
  * fixed: Calendar did not respect `Date and Time Formatting` in
    Settings
  * fixed: OpenPGP Key Import wizard did not adapt to dark theme
  * fixed: Various visual and theme improvements
  * fixed: Various accessibility improvements
  * unresolved: "Get Map" feature missing from address book for
    physical addresses
- Mozilla Thunderbird 102.1.0
  * fixed: Activity Manager did not display POP message downloads
  * fixed: Mail Folder Properties dialog was not sized correctly,
    cutting off contents
  * fixed: Expired news messages did not display an error
  * fixed: Calendar Column Picker closed prematurely after
    selecting/deselecting a single column
  * fixed: Various UI improvements
  * fixed: Various security fixes
  MFSA 2022-32 (bsc#1201758)
  * CVE-2022-36319 (bmo#1737722)
    Mouse Position spoofing with CSS transforms
  * CVE-2022-36318 (bmo#1771774)
    Directory indexes for bundled resources reflected URL
    parameters
  * CVE-2022-36314 (bmo#1773894)
    Opening local <code>.lnk</code> files could cause unexpected
    network loads
  * CVE-2022-2505 (bmo#1769739, bmo#1772824)
    Memory safety bugs fixed in Thunderbird 102.1
- Mozilla Thunderbird 102.0.3
  * changed: Support for Google Talk chat accounts removed
  * fixed: Thunderbird could crash on startup on Windows 11
  * fixed: After compacting folders, new downloaded messages were
    inaccessible
  * fixed: Marking a message as a Favorite (starred) did not
    update the thread pane when using Unified Folders
  * fixed: Compose window failed to populate some fields when
    S/MIME was configured
  * fixed: Non-text attachments has an incorrect
    "charset=windows-1250" mime header
  * fixed: Messages sent as attachments incorrectly had an
    "X-Mozilla-Cloud-Part" header
  * fixed: Improved Address Book import/export support in Profile
    Importer
  * fixed: IMAP stability improvements
  * fixed: Offline cache was unusable for NNTP accounts
  * fixed: Signing S/MIME messages failed
  * fixed: Various UI improvements
- Mozilla Thunderbird 102.0.2
  * changed: Double-clicking chat messages will no longer execute
    a default action
  * fixed: "File" menu was covered by Spaces Toolbar
  * fixed: Sub-folders with new messages were not highlighted
    until clicked
  * fixed: Attachment paper clip was cut off in message list
  * fixed: OpenPGP signatures were broken when "Primary Password"
    dialog remained open
  * fixed: Non-ASCII messages forwarded as attachments were
    garbled
  * fixed: Importing from Seamonkey or Outlook failed in second
    step
  * fixed: Deleting messages from a POP server occasionally
    failed
  * fixed: Offline cache was unusable for NNTP accounts
  * fixed: News messages were not shown in preview pane
  * fixed: Address fields were not populated when using "Edit as
    new message"
  * fixed: Sometimes only the first letter of a contact's
    Organization name was displayed
  * fixed: Double-click to edit selected contacts action did not
    work
  * fixed: Some CardDAV contact fields were displayed with
    additional backslashes in the value
  * fixed: Pending chat message contents were not updated when
    the conversation was not selected
  * fixed: Various UI improvements
- Mozilla Thunderbird 102.0.1
  * fixed: Mailbox MSF files could become corrupt in some
    circumstances
  * fixed: OpenPGP Key Assistant did not show status for
    addresses handled by aliases
  * fixed: Attaching an external OpenPGP public key failed if
    configured with a subkey ID
  * fixed: Thunderbird continued using an old password after
    changing it
  * fixed: New mail notifications were only shown for one mail
    account when multiple accounts were configured
  * fixed: LDAP Address Books could not be configured using IPv6
    address literals
  * fixed: CardDAV contacts (notably Google-hosted) with more
    than one email address were not always editable
  * fixed: Address Book accessibility improvements
  * fixed: Various UI improvements
  * fixed: Icons converted to new style
- Mozilla Thunderbird 102.0
  * new: Thunderbird will now display a message when an upgrade
    migration task is taking a long time to complete
  * new: es-MX localized build now available
  * new: What's new link displayed in About: dialog
  * new: Profile Import/Export UI refreshed and moved to a tab
  * new: Commandline tools now included for OpenPGP debugging
  * new: Thunderbird may now be built with OpenPGP support and a
    system librnp
  * new: Added menu option to permanently decrypt OpenPGP
    encrypted messages to a folder
  * new: OpenPGP: Public keys from email attachments and
    autocrypt headers now cached for future use
  * new: Expired OpenPGP recipient keys now indicated in compose
    window
  * new: OpenPGP Key Assistant enabled by default
  * new: OpenPGP Key Properties now supports refreshing keys from
    key server
  * new: Spaces vertical toolbar for easier in-app navigation
  * new: Compose toolbar button for OpenPGP & S/MIME signing
    available via "Customize Toolbar"
  * new: "Select all addresses" now supported from composer pill
    context menu
  * new: Multiple active spelling dictionaries now supported in
    compose window
  * new: `Add dictionaries` item added to `Spelling` button in
    compose window
  * new: Added config option to more aggressively warn sender
    about having many public recipients to an email
    (`mail.compose.warn_public_recipients.aggressive`)
  * new: Exporting current profile now supported on importing tab
  * new: Back/Forward keyboard shortcuts added to Addon Manager
  * new: New Address Book UI and significant backend overhaul
  * new: Importing sqlite address books now supported
  * new: Importing addressbooks via CSV file now supports semi-
    colon (;) delimited files
  * new: Opening a **news://** URL now works if an account is not
    configured for that news server
  * new: Google Talk chat accounts now support logging in with
    OAuth2
  * new: Matrix chat support enabled by default. This is a
    **beta** feature.
  * new: Printing using the system dialog without preview now
    supported; Set `print.prefer_system_dialog` to `true`
  * new: Removing events from a calendar now prompts for
    confirmation
  * new: Upcoming events in the Today Pane show how far away they
    are
  * new: Icons now displayed on recurring events and modified
    events within a recurring series
  * changed: SMTP client will now ignore socket errors after
    `QUIT` command is sen
  * changed: Javascript POP implementation enabled by default
  * changed: Buttons on "Update Failed" popup now open Beta and
    Release specific pages on Thunderbird website
  * changed: Replace "About Junk Mail" dialog with a link to the
    support page
  * changed: [macOS] Account settings moved to application menu
  * changed: New profiles will default to using "Threaded"
    message view
  * changed: "Discover OpenPGP Key" context menu item is no
    longer displayed when a key is already available
  * changed: Duplicated OpenPGP encrypted attachments were shown
    when `display-attachments-inline` was enabled
  * changed: Replaced Security compose toolbar button with
    Encryption toggle and Encryption options buttons
  * changed: OpenPGP dialog for key "acceptance per email" now
    displayed in more circumstances
  * changed: OpenPGP `Key Manager` dialog layout improvements
  * changed: Writing OpenPGP keyring data will block Thunderbird
    shutdown to prevent data loss
  * changed: When automatically attaching OpenPGP keys to emails,
    Thunderbird will strip key certificates
  * changed: A notification bar in the compose window will be
    displayed if encryption is possible but not enabled
  * changed: Inline attachment filenames now sent without data-
    uri encoding
  * changed: Per-recipient and per-domain email format
    preferences removed; Sending options moved to Compose
    Settings
  * changed: Thunderbird can now be used without setting up a
    mail account
  * changed: NNTP account set up moved to its own wizard; "Other
    accounts" wizard removed
  * changed: Account Manager UI updated
  * changed: Email account provisioner moved to a tab
  * changed: Link to create a new email address in Account Setup
    now hidden if "Email address" contains a value
  * changed: Addon Search will no longer display addons that are
    incompatible
  * changed: Searching from the `Themes` page of Addon Manager
    will now limit search results to only include themes
  * changed: Additional fields for download limits, expiration,
    and password protection added to FileLink template
  * changed: FileLink will check the provider for sufficient
    space before uploading
  * changed: "PreferMailFormat" property removed from addressbook
  * changed: Address book contact data is now stored in the vCard
    format. The change isn't backwards-compatible; backups are
    stored in the profile directory.
  * changed: Default install directory for Thunderbird Beta
    changed to not conflict with release versions
  * changed: Tab icons updated
  * changed: Message Header toolbar buttons will not display a
    border when set to show icons only
  * changed: New message detection for non-INBOX IMAP folders
    improved
  * changed: New Javascript NNTP implementation enabled by
    default; Set `mailnews.nntp.jsmodule` to `false` to disable
  * changed: Preference for OTR encrypted conversation logging
    moved to Protocol settings
  * changed: Thunderbird will not try to use OTR Chat encryption
    if the protocol supports native encryption
  * changed: Invitations to IRC and XMPP chat rooms will now
    prompt the user if they would like to join
  * changed: Today Pane UI refreshed
  * changed: Thunderbird will not support "Secondly" or
    "Minutely" recurring calendar events
  * changed: Default action of `Edit` button in recurring event
    dialog changed to display submenu
  * changed: Support for importing and exporting calendars from
    Outlook CSV format was removed
  * changed: Thunderbird will now delay refreshing cached
    calendars at start-up
  * changed: Javascript Ical parser (ical.js) enabled by default
  * fixed: Opening "cid:" links failed
  * fixed: Message download progress was calculated incorrectly
  * fixed: `Ctrl+mouse wheel` did not zoom in the message source
    window
  * fixed: `Open message in containing folder` did not work for
    standalone windows
  * fixed: Multi-message view was not fully scrollable
  * fixed: Messages did not reload in all open windows after Junk
    status was changed
  * fixed: Detached attachments were opened from a temporary copy
    instead of the selected save location
  * fixed: IMAP folder subscription changes on servers using
    OAuth2 authentication were not reflected in folder pane until
    Thunderbird was restarted
  * fixed: Improved error reporting for external GnuPG
    configurations
  * fixed: Incorrect OpenPGP preferences were used for secondary
    identities
  * fixed: Adding an expiry date to an OpenPGP key that did not
    have one was not possible
  * fixed: UI showed old OpenPGP key expiry date after changing
    it
  * fixed: Importing large OpenPGP key files failed
  * fixed: OpenPGP "Repair Message" button did not work with some
    emails
  * fixed: Importing OpenPGP public keys without a blank line
    following the header failed
  * fixed: Dragging and dropping multiple email attachments
    between windows did not always copy all attachments
  * fixed: Attachment bar in message compose window was not
    keyboard accessible
  * fixed: Triggering recipient pill creation in the compose
    window incorrectly used the entire field as input
  * fixed: Compose notification bars were not easily accessible
    via keyboard
  * fixed: "Save message" confirmation dialog buttons were not
    navigable using arrow keys
  * fixed: Focus jumped in compose window when closing the
    contacts sidebar
  * fixed: Save dialog was incorrectly shown when closing empty
    composer windows
  * fixed: Incorrect access key used for `File->New->Message`
    menu item
  * fixed: Changing focus in the compose window with multiple
    recipient pills selected did not always deselect the pills
  * fixed: Sending a message with non-ascii characters in
    recipient local parts failed unexpectedly when the server did
    not support SMTPUTF8
  * fixed: LDAP Autoconfig could block Thunderbird startup
  * fixed: Improvements to the Import/Export feature
  * fixed: Configuring multiple SMTP accounts using the same
    server was not possible
  * fixed: `Empty Trash on Exit` did not work with IMAP accounts
    using OAuth2 authentication
  * fixed: IMAP server hostname changes were not reflected in
    `Folder Properties` dialog
  * fixed: Addons automatically updated when Thunderbird updated
    despite Addon updates being turned off
  * fixed: Message size calculations incorrectly included
    FileLink attachments
  * fixed: After converting a FileLink attachment back to an
    e-mail attachment, the privacy notification persisted
  * fixed: A failed FileLink provider change removed the
    attachment completely
  * fixed: Subscribing to CardDAV address books from Account
    Setup tab did not subscribe to all selected address books
  * fixed: Adding CardDAV address books failed if an addon-
    provided address book was present
  * fixed: Messages with Message-Id headers longer than 332
    characters could not be forwarded
  * fixed: SMTP send progress bar could trigger high CPU usage
    when the server connection failed
  * fixed: Improved POP server authentication detection during
    Account Setup
  * fixed: News folders did not display biff indicator
  * fixed: IMAP flag changes from another client were not seen
    after some inactivity
  * fixed: Recipients were not de-duplicated before sending,
    leading to sending errors
  * fixed: Chat conversations' context menu did not recognize
    links
  * fixed: Chat username splitting in the account wizard did not
    work after changing protocols
  * fixed: Removing obsolete proprietary chat accounts did not
    work
  * fixed: OTR encrypted chat did not work on FreeBSD
  * fixed: Event edit toolbar button was not disabled when an
    invitation was selected
  * fixed: Event view headers and content were not lined up
    consistently for RTL locales
  * fixed: Mini-month views did not properly update at midnight
  * fixed: Some labels in Calendar were displayed in multiple
    languages
  * fixed: Thunderbird permitted inline editing of read-only
    event titles
  * fixed: Calendar view reloaded when switching tabs
  * fixed: It was possible to create annual calendar events with
    invalid days
  * fixed: Detection of attached vCalendar files improved
  * fixed: Reminders for events created by another user could not
    be closed
  * fixed: MS Teams meeting event descriptions were unreadable
    when stored on Google Calendar
  * fixed: Adding a Google calendar with a non-gmail or
    googlemail e-mail address failed
  * fixed: Accepting a recurrence exception to an event accepted
    event associated with the original recurring event rather
    than the exception
  * fixed: Various security fixes
  MFSA 2022-26 (bsc#1200793)
  * CVE-2022-34479 (bmo#1745595)
    A popup window could be resized in a way to overlay the
    address bar with web content
  * CVE-2022-34470 (bmo#1765951)
    Use-after-free in nsSHistory
  * CVE-2022-34468 (bmo#1768537)
    CSP sandbox header without `allow-scripts` can be bypassed
    via retargeted javascript: URI
  * CVE-2022-2226 (bmo#1775441)
    An email with a mismatching OpenPGP signature date was
    accepted as valid
  * CVE-2022-34481 (bmo#1497246)
    Potential integer overflow in ReplaceElementsAt
  * CVE-2022-31744 (bmo#1757604)
    CSP bypass enabling stylesheet injection
  * CVE-2022-34472 (bmo#1770123)
    Unavailable PAC file resulted in OCSP requests being blocked
  * CVE-2022-34478 (bmo#1773717)
    Microsoft protocols can be attacked if a user accepts a
    prompt
  * CVE-2022-2200 (bmo#1771381)
    Undesired attributes could be set as part of prototype
    pollution
  * CVE-2022-34484 (bmo#1763634, bmo#1772651)
    Memory safety bugs fixed in Thunderbird 91.11 and Thunderbird
    102
-------------------------------------------------------------------
Fri Jul 29 11:56:39 UTC 2022 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 91.12
  * changed: Support for Google Talk chat accounts removed
  * fixed: OpenPGP signatures were broken when "Primary Password"
    dialog remained open
  * fixed: Various security fixes
  MFSA 2022-31 (bsc#1201758)
  * CVE-2022-36319 (bmo#1737722)
    Mouse Position spoofing with CSS transforms
  * CVE-2022-36318 (bmo#1771774)
    Directory indexes for bundled resources reflected URL
    parameters
-------------------------------------------------------------------
Wed Jun 29 05:44:31 UTC 2022 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 91.11
  * fixed: CLIENTID fix for bmo#1759197 in Thunderbird 91.8.1 did
    not work; additional fix applied
  * fixed: "Save-As" attachment dialog did not have filename pre-
    populated
  * fixed: Various security fixes
  MFSA 2022-26 (bsc#1200793)
  * CVE-2022-34479 (bmo#1745595)
    A popup window could be resized in a way to overlay the
    address bar with web content
  * CVE-2022-34470 (bmo#1765951)
    Use-after-free in nsSHistory
  * CVE-2022-34468 (bmo#1768537)
    CSP sandbox header without `allow-scripts` can be bypassed
    via retargeted javascript: URI
  * CVE-2022-2226 (bmo#1775441)
    An email with a mismatching OpenPGP signature date was
    accepted as valid
  * CVE-2022-34481 (bmo#1497246)
    Potential integer overflow in ReplaceElementsAt
  * CVE-2022-31744 (bmo#1757604)
    CSP bypass enabling stylesheet injection
  * CVE-2022-34472 (bmo#1770123)
    Unavailable PAC file resulted in OCSP requests being blocked
  * CVE-2022-34478 (bmo#1773717)
    Microsoft protocols can be attacked if a user accepts a
    prompt
  * CVE-2022-2200 (bmo#1771381)
    Undesired attributes could be set as part of prototype
    pollution
  * CVE-2022-34484 (bmo#1763634, bmo#1772651)
    Memory safety bugs fixed in Thunderbird 91.11 and Thunderbird
    102
-------------------------------------------------------------------
Wed Jun  1 09:56:52 UTC 2022 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 91.10
  * fixed: Various UX and theme improvements
  * fixed: Various security fixes
  MFSA 2022-22 (bsc#1200027)
  * CVE-2022-31736 (bmo#1735923)
    Cross-Origin resource's length leaked
  * CVE-2022-31737 (bmo#1743767)
    Heap buffer overflow in WebGL
  * CVE-2022-31738 (bmo#1756388)
    Browser window spoof using fullscreen mode
  * CVE-2022-31739 (bmo#1765049)
    Attacker-influenced path traversal when saving downloaded
    files
  * CVE-2022-31740 (bmo#1766806)
    Register allocation problem in WASM on arm64
  * CVE-2022-31741 (bmo#1767590)
    Uninitialized variable leads to invalid memory read
  * CVE-2022-1834 (bmo#1767816)
    Braille space character caused incorrect sender email to be
    shown for a digitally signed email
  * CVE-2022-31742 (bmo#1730434)
    Querying a WebAuthn token with a large number of
    allowCredential entries may have leaked cross-origin
    information
  * CVE-2022-31747 (bmo#1760765, bmo#1765610, bmo#1766283,
    bmo#1767365, bmo#1768559, bmo#1768734)
    Memory safety bugs fixed in Thunderbird 91.10
-------------------------------------------------------------------
Mon May 23 06:58:33 UTC 2022 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 91.9.1
  * fixed: Various security fixes
  MFSA 2022-19 (bsc#1199768)
  * CVE-2022-1802 (bmo#1770137)
    Prototype pollution in Top-Level Await implementation
  * CVE-2022-1529 (bmo#1770048)
    Untrusted input used in JavaScript object indexing, leading
    to prototype pollution
-------------------------------------------------------------------
Mon May  9 07:15:26 UTC 2022 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 91.9
  * changed: A warning is now displayed if an OpenPGP key has
    unsafe attributes that are ignored; See support article.
  * fixed: OpenPGP integration in Thunderbird 91.8.0 and 91.8.1
    did not allow SHA-1 key signatures
  * fixed: macOS disk image graphics updated
  * fixed: CalDAV calendars were marked read-only on startup
  * fixed: Task creation field on macOS incorrectly displayed a
    search icon
  * fixed: Various security fixes
  MFSA 2022-18 (bsc#1198970)
  * CVE-2022-1520 (bmo#1745019)
    Incorrect security status shown after viewing an attached
    email
  * CVE-2022-29914 (bmo#1746448)
    Fullscreen notification bypass using popups
  * CVE-2022-29909 (bmo#1755081)
    Bypassing permission prompt in nested browsing contexts
  * CVE-2022-29916 (bmo#1760674)
    Leaking browser history with CSS variables
  * CVE-2022-29911 (bmo#1761981)
    iframe sandbox bypass
  * CVE-2022-29912 (bmo#1692655)
    Reader mode bypassed SameSite cookies
  * CVE-2022-29913 (bmo#1764778)
    Speech Synthesis feature not properly disabled
  * CVE-2022-29917 (bmo#1684739, bmo#1706441, bmo#1753298,
    bmo#1762614, bmo#1762620)
    Memory safety bugs fixed in Thunderbird 91.9
-------------------------------------------------------------------
Fri Apr  8 07:35:15 UTC 2022 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 91.8
  * changed: Google accounts using password authentication will
    be migrated to OAuth2. See KB Article.
  * fixed: OpenPGP ECC keys created by Thunderbird could not be
    imported into GnuPG
  * fixed: Exporting multiple public PGP keys from Thunderbird
    was not possible
  * fixed: Replying to a newsgroup message erroneously displayed
    a "No-reply" popup warning
  * fixed: Opening `mid:` URLs on macOS failed
  * fixed: Address books stored in older formats were loaded as
    SQLite files, causing a crash
  * fixed: Replicated LDAP directories were lost after switching
    Thunderbird to "Offline"`mode
  * fixed: Importing webcals from the commandline failed if the
    URI ended with an `.ics` file extension
  * fixed: Various security fixes
  MFSA 2022-15 (bsc#1197903)
  * CVE-2022-1097 (bmo#1745667)
    Use-after-free in NSSToken objects
  * CVE-2022-28281 (bmo#1755621)
    Out of bounds write due to unexpected WebAuthN Extensions
  * CVE-2022-1197 (bmo#1754985)
    OpenPGP revocation information was ignored
  * CVE-2022-1196 (bmo#1750679)
    Use-after-free after VR Process destruction
  * CVE-2022-28282 (bmo#1751609)
    Use-after-free in DocumentL10n::TranslateDocument
  * CVE-2022-28285 (bmo#1756957)
    Incorrect AliasSet used in JIT Codegen
  * CVE-2022-28286 (bmo#1735265)
    iframe contents could be rendered outside the border
  * CVE-2022-24713 (bmo#1758509)
    Denial of Service via complex regular expressions
  * CVE-2022-28289 (bmo#1663508, bmo#1744525, bmo#1753508,
    bmo#1757476, bmo#1757805, bmo#1758549, bmo#1758776)
    Memory safety bugs fixed in Thunderbird 91.8
-------------------------------------------------------------------
Thu Mar 17 09:18:01 UTC 2022 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Add cpu-flag `asimdrdm` to aarch64 constraints, to select newer,
  faster buildhosts, as the others struggle to build TB.
-------------------------------------------------------------------
Thu Mar 10 09:08:27 UTC 2022 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 91.7
  * changed: Thunderbird will use the first occurrence of headers
    that should only appear once
  * fixed: Auto-complete incorrectly changed a pasted email
    address to the primary address of a contact
  * fixed: Attachments with filename extensions that were not
    registered in MIME types could not be opened
  * fixed: Copy/Cut/Paste actions not working in Thunderbird
    Preferences
  * fixed: Improved screen reader support of displayed message
    headers
  * fixed: Various security fixes
  MFSA 2022-12 (bsc#1196900)
  * CVE-2022-26383 (bmo#1742421)
    Browser window spoof using fullscreen mode
  * CVE-2022-26384 (bmo#1744352)
    iframe allow-scripts sandbox bypass
  * CVE-2022-26387 (bmo#1752979)
    Time-of-check time-of-use bug when verifying add-on
    signatures
  * CVE-2022-26381 (bmo#1736243)
    Use-after-free in text reflows
  * CVE-2022-26386 (bmo#1752396)
    Temporary files downloaded to /tmp and accessible by other
    local users
-------------------------------------------------------------------
Tue Mar  8 16:43:19 UTC 2022 - Charles Robertson <cgrobertson@suse.com>
- Mozilla Thunderbird 91.6.2
  * fixed: Temporary files from opened attachments were saved
    with world-readable permission
  * fixed: Various security fixes
  MFSA 2022-09 (bsc#1196809)
  * CVE-2022-26485 (bmo#1758062)
    Use-after-free in XSLT parameter processing
  * CVE-2022-26486 (bmo#1758070)
    Use-after-free in WebGPU IPC Framework
-------------------------------------------------------------------
Thu Feb 17 08:36:49 UTC 2022 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 91.6.1
  * changed: Thunderbird generated views of meeting invitations
    are now expanded by default
  * fixed: Emails were not downloading at startup under some
    conditions
  * fixed: Port numbers were not shown in "Confirm Security
    Exception" dialog for CalDAV connections
  * fixed: Various security fixes
  MFSA 2022-07 (bsc#1196072)
  * CVE-2022-0566 (bmo#1753094)
    Crafted email could trigger an out-of-bounds write
-------------------------------------------------------------------
Tue Feb 15 09:50:31 UTC 2022 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 91.6
  * new: Thunderbird will now offer to send large forwarded
    attachments via FileLink
  * fixed: Partially signed unencrypted messages displayed an
    incorrect "partially encrypted" notification
  * fixed: Attachments filenames were not sanitized before saving
    to disk
  * fixed: In the attachment bar, the "Import OpenPGP Key" item
    displayed for public keys displayed an error and did not
    import the key
  * fixed: "Open with" attachment dialog did not have a selected
    radio button option
  * fixed: Various security fixes
  MFSA 2022-06 (bsc#1195682)
  * CVE-2022-22753 (bmo#1732435)
    Privilege Escalation to SYSTEM on Windows via Maintenance
    Service
  * CVE-2022-22754 (bmo#1750565)
    Extensions could have bypassed permission confirmation during
    update
  * CVE-2022-22756 (bmo#1317873)
    Drag and dropping an image could have resulted in the dropped
    object being an executable
  * CVE-2022-22759 (bmo#1739957)
    Sandboxed iframes could have executed script if the parent
    appended elements
  * CVE-2022-22760 (bmo#1740985, bmo#1748503)
    Cross-Origin responses could be distinguished between script
    and non-script content-types
  * CVE-2022-22761 (bmo#1745566)
    frame-ancestors Content Security Policy directive was not
    enforced for framed extension pages
  * CVE-2022-22763 (bmo#1740534)
    Script Execution during invalid object state
  * CVE-2022-22764 (bmo#1742682, bmo#1744165, bmo#1746545,
    bmo#1748210, bmo#1748279)
    Memory safety bugs fixed in Thunderbird 91.6
-------------------------------------------------------------------
Mon Jan 17 15:41:11 UTC 2022 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 91.5
  * fixed: RSS keyword labels without a configured color were
    illegible
  * fixed: Thunderbird "about:" dialog did not identify third-
    party repackaged distributions such as Flatpaks
  * fixed: Various security fixes
  MFSA 2022-03 (bsc#1194547)
  * CVE-2022-22746 (bmo#1735071)
    Calling into reportValidity could have lead to fullscreen
    window spoof
  * CVE-2022-22743 (bmo#1739220)
    Browser window spoof using fullscreen mode
  * CVE-2022-22742 (bmo#1739923)
    Out-of-bounds memory access when inserting text in edit mode
  * CVE-2022-22741 (bmo#1740389)
    Browser window spoof using fullscreen mode
  * CVE-2022-22740 (bmo#1742334)
    Use-after-free of ChannelEventQueue::mOwner
  * CVE-2022-22738 (bmo#1742382)
    Heap-buffer-overflow in blendGaussianBlur
  * CVE-2022-22737 (bmo#1745874)
    Race condition when playing audio files
  * CVE-2021-4140 (bmo#1746720)
    Iframe sandbox bypass with XSLT
  * CVE-2022-22748 (bmo#1705211)
    Spoofed origin on external protocol launch dialog
  * CVE-2022-22745 (bmo#1735856)
    Leaking cross-origin URLs through securitypolicyviolation
    event
  * CVE-2022-22744 (bmo#1737252)
    The 'Copy as curl' feature in DevTools did not fully escape
    website-controlled data, potentially leading to command
    injection
  * CVE-2022-22747 (bmo#1735028)
    Crash when handling empty pkcs7 sequence
  * CVE-2022-22739 (bmo#1744158)
    Missing throttling on external protocol launch dialog
  * CVE-2022-22751 (bmo#1664149, bmo#1737816, bmo#1739366,
    bmo#1740274, bmo#1740797, bmo#1741201, bmo#1741869,
    bmo#1743221, bmo#1743515, bmo#1745373, bmo#1746011)
    Memory safety bugs fixed in Thunderbird 91.5
-------------------------------------------------------------------
Mon Jan  3 08:19:52 UTC 2022 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 91.4.1
  * fixed: Attachments that should open in Thunderbird, such as
    ICS attachments, offered to save the file instead
  * fixed: Saving attachments from IMAP accounts where usernames
    contained special characters failed
  * fixed: Temporary files created for forwarded attachments
    sometimes had the wrong extension
  * fixed: S/MIME signatures were shown as invalid by Outlook
  * fixed: URL input boxes on content tabs erroneously displayed
    a search glass icon on macOS
  * fixed: Message bars (such as content blocking) did not use
    high contrast theme colors
  * fixed: Some messages with autocrypt headers loaded slowly,
    causing Thunderbird to hang
  * fixed: Server hostnames were cut-off in the account manager
  * fixed: Account Setup did not support non-ASCII characters in
    passwords
  * fixed: Account Setup did not always retain set values
  * fixed: Virtual folders did not retain folder selection when a
    folder name contained non-ASCII characters
  * fixed: Messages saved as "html" or "eml" did not include
    message headers
  * fixed: "Private web page" field was not included when
    exporting a contact to a vCard
  * fixed: Addons were still active after restarting Thunderbird
    in troubleshooting mode with "disable all addons" checked
  * fixed: FileLink attachments did not always display the
    FileLink provider's icon
  * fixed: FileLink privacy notifications persisted in the
    compose window after removing all FileLink attachments
  * fixed: "Loading" icon remained after a FileLink upload failed
  * fixed: Lengthy event names for multiday events did not wrap
  * fixed: Various theme and UX improvements
  * fixed: Various security fixes
  MFSA 2021-55 (bsc#1194215)
  * CVE-2021-4126 (bmo#1732310)
    OpenPGP signature status doesn't consider additional message
    content
  * CVE-2021-44538 (bmo#1744056)
    Matrix chat library libolm bundled with Thunderbird
    vulnerable to a buffer overflow
-------------------------------------------------------------------
Wed Dec  8 08:17:57 UTC 2021 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 91.4.0
  * fixed: IMAP startup performance improved for accounts with a
    multitude of folders
  * fixed: Thunderbird failed to send messages when configured to
    use an IPv6 SMTP server by IP address (instead of a hostname)
  * fixed: Forwarding messages with attachments sometimes failed
  * fixed: Printing multiple messages at once was not possible
  * fixed: Non-utf8 news groups were not supported
  * fixed: Thunderbird stalled after sending a message with NNTP
    and SMTP recipients
  * fixed: Using Thunderbird with multiple language packs caused
    high RAM and CPU use and sluggish performance
  * fixed: Clicking a "mailto:" started the composer with the
    default sending identity instead of a configured alternate
  * fixed: Drag and dropped text into a plain text message in the
    compose window was handled inconsistently
  * fixed: FileLink messages did not display correctly when
    viewed in Outlook
  * fixed: In account setup, after selecting an extension
    provided protocol, it was not possible to create an IMAP/POP
    account
  * fixed: Multiday selections were not cleared when changing
    week viewed
  * fixed: When creating a new event by clicking and dragging the
    mouse to create a box, the view did not auto-scroll after
    reaching the bottom
  * fixed: Calendar Invitation Panel did not scroll when multiple
    invitations were pending
  * fixed: Calendar print dialog did not have a cancel button
  * fixed: Various security fixes
  MFSA 2021-54 (bsc#1193485)
  * CVE-2021-43536 (bmo#1730120)
    URL leakage when navigating while executing asynchronous
    function
  * CVE-2021-43537 (bmo#1738237)
    Heap buffer overflow when using structured clone
  * CVE-2021-43538 (bmo#1739091)
    Missing fullscreen and pointer lock notification when
    requesting both
  * CVE-2021-43539 (bmo#1739683)
    GC rooting failure when calling wasm instance methods
  * CVE-2021-43541 (bmo#1696685)
    External protocol handler parameters were unescaped
  * CVE-2021-43542 (bmo#1723281)
    XMLHttpRequest error codes could have leaked the existence of
    an external protocol handler
  * CVE-2021-43543 (bmo#1738418)
    Bypass of CSP sandbox directive when embedding
  * CVE-2021-43545 (bmo#1720926)
    Denial of Service when using the Location API in a loop
  * CVE-2021-43546 (bmo#1737751)
    Cursor spoofing could overlay user interface when native
    cursor is zoomed
  * CVE-2021-43528 (bmo#1742579)
    JavaScript unexpectedly enabled for the composition area
  * MOZ-2021-0009 (bmo#1393362, bmo#1736046, bmo#1736751,
    bmo#1737009, bmo#1739372, bmo#1739421)
    Memory safety bugs fixed in Thunderbird 91.4.0
-------------------------------------------------------------------
Wed Dec  1 10:14:22 UTC 2021 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 91.3.2
  * changed: Date selection in Calendar print settings widget
    changed to use mini calendar widget
  * changed: OpenPGP: Botan updated to 2.18.2; addresses
    CVE-2021-40529
  * fixed: "Repair Text Encoding" menu item did not work
  * fixed: Troubleshoot Mode menu item did not always indicate
    whether troubleshooting mode was enabled
  * fixed: Message content could be unintentionally hidden due to
    CSS class names conflicting
  * fixed: SMTP server port was reset to "0" after clicking the
    "Re-Test" button in the Account Setup wizard
  * fixed: No "Paste" option was available in the config editor
    (about:config) context menu
  * fixed: Saving a PDF attachment opened in a separate tab saved
    the email message instead
  * fixed: Opening a PDF attachment from a message in a
    standalone or compose window did move the focus to opened
    attachment
  * fixed: After restart, Thunderbird was not able to restore
    opened message tabs when the message was in a folder with
    non-ASCII characters in its name
  * fixed: The "pill" indicator was incorrectly shown when
    sending a message to newsgroup
  * fixed: When printing from Calendar, after leaving the
    "Calendar" settings, there was no way to go back
  * fixed: Month pickers in the Calendar print UI lacked
    scrollbars when the content overflowed
  * fixed: Account Manager and Addons Manager were unreadable
    when using the Dark theme
- Mozilla Thunderbird 91.3.1
  * changed: OpenPGP public keys will no longer count as an
    attachment in the message list
  * changed: Adding a search engine via URL now supported
  * changed: FileLink messages' template updated; Thunderbird
    advertisement removed
  * changed: After an update, Thunderbird will now check
    installed addons for updates
  * fixed: New mail popups were displayed while running full
    screen applications
  * fixed: Messages received with non-standard "koi8r" encoding
    were not supported
  * fixed: Various macOS stability improvements
  * fixed: PDF attachments opened in Firefox while composing an
    email
  * fixed: Addons were disabled when "Offline Settings" were set
    to "Ask me for online state (on startup)"
  * fixed: Clicking '"addons://" links in the Addons Manager
    prompted for an application to open it, rather than opening
    internally
  * fixed: The Contacts sidebar "Address Book" drop down was
    unreadable on Windows
  * fixed: vCard attachments were not shown when using "inline"
    view for attachments
  * fixed: Importing an ICS file with TODO items failed
-------------------------------------------------------------------
Fri Nov  5 11:27:33 UTC 2021 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 91.3
  * fixed: Default mail headers were set incorrectly when the
    value contained a colon (:)
  * fixed: Thunderbird did not send the QUIT command when closing
    an SMTP connection
  * fixed: Mail tabs could not be closed using the context menu
  * fixed: "Print" context menu was still shown when no message
    pane was displayed
  * fixed: Windows tray icon did not reappear after restarting
    Windows Explorer
  * fixed: Compose window attachment drag and drop fixes
  * fixed: Various macOS stability improvements
  * fixed: Drag and Drop area for file attachments on Windows was
    incorrect
  * fixed: CardDAV address books without a name did not work
  * fixed: Thunderbird tried to refresh disabled and manual-only
    calendars when the network state changed from offline to
    online
  * fixed: Various Calendar event dialog fixes
  * fixed: Various security fixes
  MFSA 2021-50 (bsc#1192250)
  * CVE-2021-38503 (bmo#1729517)
    iframe sandbox rules did not apply to XSLT stylesheets
  * CVE-2021-38504 (bmo#1730156)
    Use-after-free in file picker dialog
  * CVE-2021-38505 (bmo#1730194)
    Windows 10 Cloud Clipboard may have recorded sensitive user
    data
  * CVE-2021-38506 (bmo#1730750)
    Thunderbird could be coaxed into going into fullscreen mode
    without notification or warning
  * CVE-2021-38507 (bmo#1730935)
    Opportunistic Encryption in HTTP2 could be used to bypass the
    Same-Origin-Policy on services hosted on other ports
  * MOZ-2021-0008 (bmo#1667102)
    Use-after-free in HTTP2 Session object
  * CVE-2021-38508 (bmo#1366818)
    Permission Prompt could be overlaid, resulting in user
    confusion and potential spoofing
  * CVE-2021-38509 (bmo#1718571)
    Javascript alert box could have been spoofed onto an
    arbitrary domain
  * CVE-2021-38510 (bmo#1731779)
    Download Protections were bypassed by .inetloc files on Mac
    OS
  * MOZ-2021-0007 (bmo#1606864, bmo#1712671, bmo#1730048,
    bmo#1735152)
    Memory safety bugs fixed in Thunderbird ESR 91.3
- Drop unused pkgconfig(gdk-x11-2.0) BuildRequires
- Drop mozilla-neqo-fix-fips-crash.patch which is now upstream
- add mozilla-bmo1724679.patch (bmo#1724679, boo#1182863)
  fix some env variables which are enabled for any value
-------------------------------------------------------------------
Wed Oct 13 10:30:51 UTC 2021 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 91.2
  * changed: Saving a single message as .eml now uses a unique
    filename
  * fixed: New mail notifications did not properly take
    subfolders into account
  * fixed: Decrypting binary attachments when using an external
    GnuPG configuration failed
  * fixed: Account name fields in the account manager were not
    big enough for long names
  * fixed: LDAP searches using an extensibleMatch filter returned
    no results
  * fixed: Read-only CalDAV calendars and CardDAV address books
    were not detected
  * fixed: Multipart messages containing a calendar invite did
    not display any of the human-readable alternatives
  * fixed: Some calendar days were displayed incorrectly or
    duplicated (eg. two "29th" days of a particular month)
  * fixed: Phantom event was shown at the end of each day in
    Calendar week view
  * fixed: Various security fixes
  MFSA 2021-47 (bsc#1191332)
  * CVE-2021-38502 (bmo#1733366)
    Downgrade attack on SMTP STARTTLS connections
  * CVE-2021-38496 (bmo#1725335)
    Use-after-free in MessageTask
  * CVE-2021-38497 (bmo#1726621)
    Validation message could have been overlaid on another origin
  * CVE-2021-38498 (bmo#1729642)
    Use-after-free of nsLanguageAtomService object
  * CVE-2021-32810 (bmo#1729813,
    bmo#https://github.com/crossbeam-
    rs/crossbeam/security/advisories/GHSA-pqqp-xmhj-wgcw)
    Data race in crossbeam-deque
  * CVE-2021-38500 (bmo#1725854, bmo#1728321)
    Memory safety bugs fixed in Thunderbird 91.2
  * CVE-2021-38501 (bmo#1685354, bmo#1715755, bmo#1723176)
    Memory safety bugs fixed in Thunderbird 91.2
-------------------------------------------------------------------
Wed Oct  6 11:57:53 UTC 2021 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 91.1.2
  * Thunderbird will now warn if an S/MIME encrypted message includes
    BCC recipients
  * fixed: Message Security popup did not display all recipients
    due a missing scrollbar
  * fixed: Delivery Status Notifications were only shown for the
    first recipient
  * fixed: Composing a message from a template with attachments
    failed due to a temporary file being removed
  * fixed: Attachment sizes were no longer included on printed
    emails
  * fixed: A message sent with multiple attachments sometimes
    only sent one
  * fixed: Thunderbird sometimes attached the wrong messages when
    forwarding multiple messages by attachment
  * fixed: Thunderbird did not re-prompt for an SMTP username if
    one was not provided
  * fixed: Messages with BCC recipients that were held in the
    Outbox did not retain the BCC header when moved to the Sent
    folder
  * fixed: Thunderbird displayed reminders for events that were
    cancelled or declined
  * fixed: New Feed Account dialog did not honor dark mode
- Mozilla Thunderbird 91.1.1
  * Menu item for disabling subject encryption for a single message added
  * Printing messages that are not currently displayed is no longer
    supported, including printing multiple messages at once
  * fixed: Buttons on compose window dialogs did not have a
    visual indication of focus
  * fixed: Dropdown fields in message compose window were
    unreadable on Windows 7 with a dark theme
  * fixed: Multiple bulk mail notification warnings were
    displayed
  * fixed: Enabled/Disabled state of message filters did not
    persist as expected
  * fixed: Printing a message did not print a list of its
    attachments
  * fixed: Images attached from a web page were not sent as
    expected
  * fixed: OpenPGP public key was attached multiple times when
    forwading a message
  * fixed: Windows tray icon disappeared if Thunderbird was
    started by a shortcut with "Run" set to "Minimized"
  * fixed: Windows tray message count badge displayed the
    "unread" count instead of the "new" message count
  * fixed: Some downstream Thunderbird builds were incorrectly
    checking addons for a signature, causing all addons to be
    disabled
  * fixed: Addressbooks set up with autoconfig showed no search
    results
  * fixed: Various CardDAV setup and auto-detection fixes
  * fixed: Dates (such as birthday) stored in contacts may
    display the wrong date; a one-time manual fix may be needed
    for dates that are incorrect.
  * fixed: Attached VCards displayed as plain text when an email
    was HTML formatted
  * fixed: Mailing list names with non-ASCII characters
    incorrectly displayed with an error
  * fixed: LDAP directories were not searched for matches when
    adding recipients to an email
  * fixed: Clicking "Connect to an LDAP address book" in account
    setup opened CardDAV setup dialog
  * fixed: LDAP address books using Kerberos/GSS-API
    authentication did not authenticate
  * fixed: LDAP search queries containing non-ASCII characters
    produced no results
  * fixed: IRC server connections did not automatically retry
    after a timeout
  * fixed: Calendar event editor did not honor
    `mail.spellcheck.inline`
- MOZ_ENABLE_WAYLAND env variable now overrides automatic detection
  if already set before startup
- Mozilla Thunderbird 91.1.0
  * Thunderbird registered Accessibility Handlers using same GUIDs
    as Firefox, causing performance issues for NVDA users
  * Focus lost when reordering accounts by keyboard in the Account Manager
  * Account setup did not use provider display name for setting up
    calendars
  * Various theme and UX fixes
  MFSA 2021-41 (bsc#1190269)
  * CVE-2021-38492 (bmo#1721107)
    Navigating to `mk:` URL scheme could load Internet Explorer
  * CVE-2021-38495 (bmo#1723391, bmo#1723920, bmo#1724101,
    bmo#1724107)
    Memory safety bugs fixed in Thunderbird 91.1
- add mozilla-bmo531915.patch to fix build for i586
- Remove obsolete patch mozilla-disable-wasm-emulate-arm-unaligned-fp-access.patch
-------------------------------------------------------------------
Fri Sep  3 10:05:46 UTC 2021 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 91.0.3:
  * fixed: Folder icons could be overridden by linked favicons in
    HTML messages
  * fixed: Unified folders showed no messages when underlying
    folders were removed
  * fixed: Folder pane toolbar did not always persist after
    restarting Thunderbird
  * fixed: Compose window attachment pane did not close when
    disabling signing of an OpenPGP message
  * fixed: Using "Reply to List" with some list emails
    incorrectly opened a "no-reply" warning
  * fixed: Account setup UX issues with Exchange autodiscover
  * fixed: Account settings did not display non-UTF-8 server
    descriptions correctly
  * fixed: Thunderbird sometimes sent an unnecessary "SMTPUTF8",
    causing some servers to reject mail
  * fixed: No mouseover pop was displayed with event details for
    non-all-day events in the Today Pane
  * fixed: Filtering tasks in the Today Pane did not work
  * fixed: Email based event scheduling displayed the date and
    time in a format unreadable by humans
- Mozilla Thunderbird 91.0.2:
  * new: Tags are now colored in mail filter editor
  * changed: Context menu items related to OpenPGP and
    attachments are now hidden when not applicable
  * fixed: Creating a new account with manual setup failed
  * fixed: Recipient autocomplete always preferred the primary
    email address for a contact
  * fixed: LDAP performance improvements
  * fixed: Extensions listed on the Recommended Addons did not
    have a clear way to view details in a browser
  * fixed: Status checkmark on View > Calendar > Calendar Pane >
    Show Calendar Pane was reversed
  * fixed: mid: URLs in calendar invites did not open the linked
    mail message
  * fixed: Various theme and UX fixes
- Mozilla Thunderbird 91.0.1
  MFSA 2021-37 (bsc#1189547)
  * CVE-2021-29991 (bmo#1724896)
    Header Splitting possible with HTTP/3 Responses
- appdate screenshot URL updated (by mailaender@opensuse.org)
- Mozilla Thunderbird 91.0
  * based on Mozilla's 91 ESR codebase
  * many new and changed features
    https://www.thunderbird.net/en-US/thunderbird/91.0/releasenotes/#whatsnew
  * Renamed "Add-ons" to "Add-ons and Themes" and "Options" to "Preferences"
  * Thunderbird now operates in multi-process (e10s) mode by default
  * New user interface for adding attachments
  * Enable redirect of messages
  * CardDAV address book support
- Removed obsolete patches:
  * mozilla-bmo1463035.patch
  * mozilla-ppc-altivec_static_inline.patch
  * mozilla-pipewire-0-3.patch
  * mozilla-bmo1554971.patch
- add mozilla-libavcodec58_91.patch
- removed obsolete BigEndian ICU build workaround
- updated build requirements
- Readd mozilla-silence-no-return-type.patch
-------------------------------------------------------------------
Thu Aug 12 06:00:10 UTC 2021 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 78.13
  * changed: WeTransfer FileLink provider removed
  * changed: The fix for bmo#1707360, from Thunderbird 78.12.0,
    was removed for causing regressions
  * fixed: OpenPGP: Homebrew's GPG Smartcard libraries not found
    on M1 Macs
  * fixed: Various security fixes
  MFSA 2021-35 (bsc#1188891)
  * CVE-2021-29986 (bmo#1696138)
    Race condition when resolving DNS names could have led to
    memory corruption
  * CVE-2021-29988 (bmo#1717922)
    Memory corruption as a result of incorrect style treatment
  * CVE-2021-29984 (bmo#1720031)
    Incorrect instruction reordering during JIT optimization
  * CVE-2021-29980 (bmo#1722204)
    Uninitialized memory in a canvas object could have led to
    memory corruption
  * CVE-2021-29985 (bmo#1722083)
    Use-after-free media channels
  * CVE-2021-29989 (bmo#1662676, bmo#1666184, bmo#1719178,
    bmo#1719998, bmo#1720568)
    Memory safety bugs fixed in Thunderbird 78.13
-------------------------------------------------------------------
Thu Jul 15 06:34:24 UTC 2021 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 78.12
  * fixed: Sending an email containing HTML links with spaces in
    the URL sometimes resulted in broken links
  * fixed: Folder Pane display theme fixes for macOS
  * fixed: Chat account settings did not always save as expected
  * fixed: RSS feed subscriptions sometimes lost
  * fixed: Calendar: A parsing error for alarm triggers of type
    "DURATION" caused sync problems for some users
  * fixed: Various security fixes
  MFSA 2021-30 (bsc#1188275)
  * CVE-2021-29969 (bmo#1682370)
    IMAP server responses sent by a MITM prior to STARTTLS could
    be processed
  * CVE-2021-29970 (bmo#1709976)
    Use-after-free in accessibility features of a document
  * CVE-2021-30547 (bmo#1715766)
    Out of bounds write in ANGLE
  * CVE-2021-29976 (bmo#1700895, bmo#1703334, bmo#1706910,
    bmo#1711576, bmo#1714391)
    Memory safety bugs fixed in Thunderbird 78.12
-------------------------------------------------------------------
Tue Jun  8 14:01:40 UTC 2021 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 78.11
  * fixed: OpenPGP could not be disabled for an account if a key
    was previously configured
  * fixed: Recipients were unable to decrypt some messages when
    the sender had changed the message encryption from OpenPGP to
    S/MIME
  * fixed: Contacts moved between CardDAV address books were not
    synced to the new server
  * fixed: CardDAV compatibility fixes for Google Contacts
  * fixed: Folder pane had no clear indication of focus on macOS
  * fixed: Windows theme improvements
  * fixed: Various security fixes
  MFSA 2021-26 (bsc#1186696)
  * CVE-2021-29964 (bmo#1706501)
    Out of bounds-read when parsing a `WM_COPYDATA` message
  * CVE-2021-29967 (bmo#1602862, bmo#1703191, bmo#1703760,
    bmo#1704722, bmo#1706041)
    Memory safety bugs fixed in Thunderbird 78.11
- Added the new Mozilla's GPG key, expiring on 2023-05-17 to the
  mozilla.keyring file
-------------------------------------------------------------------
Tue May 18 12:08:16 UTC 2021 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 78.10.2
  * new: Added support for importing OpenPGP keys without a
    primary secret key
  * new: Add-ons manager displays a preferences icon for mail
    extensions that include an options page
  * fixed: OpenPGP messages with a high compression ratio (over
    10x) could not be decrypted
  * fixed: Selected OpenPGP key was lost after opening the Key
    Properties dialog in Account Settings
  * fixed: Parsing some OpenPGP user IDs failed
  * fixed: Various improvements to OpenPGP partial encryption
    reminders
  * fixed: Troubleshooting information page did not display row
    labels on macOS
  * fixed: Mail toolbar buttons were too big when displaying both
    icons and text
  * fixed: Various security fixes
  MFSA 2021-22
  * CVE-2021-29957 (bmo#1673241, bsc#1186198)
    Partial protection of inline OpenPGP message not indicated
  * CVE-2021-29956 (bmo#1710290, bsc#1186199)
    Thunderbird stored OpenPGP secret keys without master
    password protection
- Mozilla Thunderbird 78.10.1
  MFSA 2021-19
  * CVE-2021-29951 (bmo#1690062, bsc#1185633)
    Thunderbird Maintenance Service could have been started or 
    stopped by domain users 
-------------------------------------------------------------------
Wed May  5 09:43:23 UTC 2021 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 78.8.1
  * changed: Removed the fix for bug 1689804 introduced in
    Thunderbird 78.9.0, restoring the previous behavior
  * fixed: Various security fixes
  MFSA 2021-17 (bsc#1185633)
  * CVE-2021-29950 (bmo#1673239)
    Logic issue potentially leaves key material unlocked
-------------------------------------------------------------------
Tue Apr 20 08:34:17 UTC 2021 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 78.10
  * fixed: Usability & theme improvements on Windows
  * fixed: Various security fixes
  MFSA 2021-14 (bsc#1184960)
  * CVE-2021-23994 (bmo#1699077)
    Out of bound write due to lazy initialization
  * CVE-2021-23995 (bmo#1699835)
    Use-after-free in Responsive Design Mode
  * CVE-2021-23998 (bmo#1667456)
    Secure Lock icon could have been spoofed
  * CVE-2021-23961 (bmo#1677940)
    More internal network hosts could have been probed by a
    malicious webpage
  * CVE-2021-23999 (bmo#1691153)
    Blob URLs may have been granted additional privileges
  * CVE-2021-24002 (bmo#1702374)
    Arbitrary FTP command execution on FTP servers using an
    encoded URL
  * CVE-2021-29945 (bmo#1700690)
    Incorrect size computation in WebAssembly JIT could lead to
    null-reads
  * CVE-2021-29946 (bmo#1698503)
    Port blocking could be bypassed
  * CVE-2021-29948 (bmo#1692899)
    Race condition when reading from disk while verifying
    signatures
-------------------------------------------------------------------
Fri Apr  9 09:07:21 UTC 2021 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 78.9.1
  * new: Support recipient aliases for OpenPGP encryption.
    Documentation can be found https://wiki.mozilla.org/
    Thunderbird:OpenPGP:Aliases.
  * fixed: The key and signature parts of the message security
    popup on a received message could not be selected for
    copy/paste.
  * fixed: Various UX and theme improvements
  MFSA 2021-13 (bsc#1184536)
  * CVE-2021-23991 (bmo#1673240)
    An attacker may use Thunderbird's OpenPGP key refresh
    mechanism to poison an existing key
  * MOZ-2021-23992 (bmo#1666236)
    A crafted OpenPGP key with an invalid user ID could be used
    to confuse the user
  * CVE-2021-23993 (bmo#1666360)
    Inability to send encrypted OpenPGP email after importing a
    crafted OpenPGP key
-------------------------------------------------------------------
Fri Mar 26 07:53:07 UTC 2021 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 78.9
  * fixed: New mail notification displayed old messages that were
    unread
  * fixed: Spaces following soft line breaks in messages using
    quoted-printable and format=flowed were incorrectly encoded;
    existing messages which were previously incorrectly encoded
    may now display with some words not separated by a space
  * fixed: Some fields were unreadable in the Dark theme in the
    General preferences panel
  * fixed: Sending a message containing an anchor tag with an
    invalid data URI failed
  * fixed: When switching tabs, input focus was not moved to the
    new tab
  * fixed: Address Book: Syncing a read-only Google address book
    via CardDAV failed
  * fixed: Address Book: Importing VCards with non-ascii
    characters would fail
  * fixed: Address Book: Some values may not have been parsed
    when syncing from Google address books.
  * fixed: Add-ons Manager did not show if an addon used
    experiment APIs
  * fixed: Calendar: Removing a recurring task was not possible
  * fixed: Various security fixes
  MFSA 2021-12 (bsc#1183942)
  * CVE-2021-23981 (bmo#1692832)
    Texture upload into an unbound backing buffer resulted in an
    out-of-bound read
  * MOZ-2021-0002 (bmo#1691547)
    Angle graphics library out of date
  * CVE-2021-23982 (bmo#1677046)
    Internal network hosts could have been probed by a malicious
    webpage
  * CVE-2021-23984 (bmo#1693664)
    Malicious extensions could have spoofed popup information
  * CVE-2021-23987 (bmo#1513519, bmo#1683439, bmo#1690169,
    bmo#1690718)
    Memory safety bugs fixed in Thunderbird 78.9
- cleaned up and fixed mozilla.sh.in for wayland (boo#1177542)
-------------------------------------------------------------------
Wed Feb 24 07:37:12 UTC 2021 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 78.8
  * fixed: Importing an address book from a CSV file always
    reported an error (bmo#1685048)
  * fixed: Security information for S/MIME messages was not
    displayed correctly prior to a draft being saved
    (bmo#1683701)
  * fixed: Calendar: FileLink UI fixes for Caldav calendars
    (bmo#1669803)
  * fixed: Recurring tasks were always marked incomplete; unable
    to use filters (bmo#1686466)
  * fixed: Various UI widgets not working (bmo#1690098)
  * fixed: Dark theme improvements (bmo#1691106)
  * fixed: Extension manager was missing link to addon support
    web page (bmo#1642219)
  * fixed: Various security fixes
  MFSA 2021-09 (bsc#1182614)
  * CVE-2021-23969 (bmo#1542194)
    Content Security Policy violation report could have contained
    the destination of a redirect
  * CVE-2021-23968 (bmo#1687342)
    Content Security Policy violation report could have contained
    the destination of a redirect
  * CVE-2021-23973 (bmo#1690976)
    MediaError message property could have leaked information
    about cross-origin resources
  * CVE-2021-23978 (bmo#1682928, bmo#1687391, bmo#1687597,
    bmo#786797)
    Memory safety bugs fixed in Thunderbird 78.8
- Update create-tar.sh to use https instead of http (bsc#1182357)
-------------------------------------------------------------------
Mon Feb  8 10:34:55 UTC 2021 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 78.7.1 (bsc#1181848)
  * changed: Building OpenPGP shared library linked to system
    libraries now supported (bmo#1634963)
  * changed: MailExtension errors now shown in Developer Tools
    console by default (bmo#1650149)
  * changed: MailExtensions: Dynamic registration of calendar
    providers now supported (bmo#1652885)
  * fixed: OpenPGP improvements (bmo#1655210)
  * fixed: Message preview was sometimes blank after upgrading
    from Thunderbird 68 (bmo#1653168)
  * fixed: Email addresses whitelisted for remote content not
    displayed in preferences (bmo#1652575)
  * fixed: Importing data from Seamonkey did not work
    (bmo#272292)
  * fixed: Renaming a mail list did not update the side bar
    (bmo#1632331)
  * fixed: MailExtensions: messenger.* namespace was undefined
    (bmo#1641573)
-------------------------------------------------------------------
Wed Jan 27 06:52:27 UTC 2021 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 78.7
  * changed: MailExtensions: browserAction, composeAction, and
    messageDisplayAction toolbar buttons now support label and
    default_label properties (bmo#1583478)
  * fixed: Running a quicksearch that returned no results did not
    offer to re-run as a global search (bmo#1663153)
  * fixed: Message search toolbar fixes (bmo#1681010)
  * fixed: Very long subject lines distorted the message compose
    and display windows, making them unusable (bmo#77806)
  * fixed: Compose window: Recipient addresses that had not yet
    been autocompleted were lost when clicking Send button
    (bmo#1674054)
  * fixed: Compose window: New message is no longer marked as
    "changed" just from tabbing out of the recipient field
    without editing anything (bmo#1681389)
  * fixed: Account autodiscover fixes when using MS Exchange
    servers (bmo#1679759)
  * fixed: LDAP address book stability fix (bmo#1680914)
  * fixed: Messages with invalid vcard attachments were not
    marked as read when viewed in the preview window
    (bmo#1680468)
  * fixed: Chat: Could not add TLS certificate exceptions for
    XMPP connections (bmo#1590471)
  * fixed: Calendar: System timezone was not always properly
    detected (bmo#1678839)
  * fixed: Calendar: Descriptions were sometimes blank when
    editing a single occurrence of a repeating event
    (bmo#1664731)
  * fixed: Various printing bugfixes (bmo#1676166)
  * fixed: Visual consistency and theme improvements
    (bmo#1682808)
  * fixed: Various security fixes
  MFSA 2021-05 (bsc#1181414)
  * CVE-2021-23953 (bmo#1683940)
    Cross-origin information leakage via redirected PDF requests
  * CVE-2021-23954 (bmo#1684020)
    Type confusion when using logical assignment operators in
    JavaScript switch statements
  * CVE-2020-15685 (bmo#1622640)
    IMAP Response Injection when using STARTTLS
  * CVE-2020-26976 (bmo#1674343)
    HTTPS pages could have been intercepted by a registered
    service worker when they should not have been
  * CVE-2021-23960 (bmo#1675755)
    Use-after-poison for incorrectly redeclared JavaScript
    variables during GC
  * CVE-2021-23964 (bmo#1662507, bmo#1666285, bmo#1673526,
    bmo#1674278, bmo#1674835, bmo#1675097, bmo#1675844,
    bmo#1675868, bmo#1677590, bmo#1677888, bmo#1680410,
    bmo#1681268, bmo#1682068, bmo#1682938, bmo#1683736,
    bmo#1685260, bmo#1685925)
    Memory safety bugs fixed in Thunderbird 78.7
-------------------------------------------------------------------
Tue Jan 12 07:39:20 UTC 2021 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 78.6.1
  * changed: MailExtensions: browserAction, composeAction, and
    messageDisplayAction toolbar buttons now support label and
    default_label properties (bmo#1583478)
  * fixed: Running a quicksearch that returned no results did not
    offer to re-run as a global search (bmo#1663153)
  * fixed: Message search toolbar fixes (bmo#1681010)
  * fixed: Very long subject lines distorted the message compose
    and display windows, making them unusable (bmo#77806)
  * fixed: Compose window: Recipient addresses that had not yet
    been autocompleted were lost when clicking Send button
    (bmo#1674054)
  * fixed: Compose window: New message is no longer marked as
    "changed" just from tabbing out of the recipient field
    without editing anything (bmo#1681389)
  * fixed: Account autodiscover fixes when using MS Exchange
    servers (bmo#1679759)
  * fixed: LDAP address book stability fix (bmo#1680914)
  * fixed: Messages with invalid vcard attachments were not
    marked as read when viewed in the preview window
    (bmo#1680468)
  * fixed: Chat: Could not add TLS certificate exceptions for
    XMPP connections (bmo#1590471)
  * fixed: Calendar: System timezone was not always properly
    detected (bmo#1678839)
  * fixed: Calendar: Descriptions were sometimes blank when
    editing a single occurrence of a repeating event
    (bmo#1664731)
  * fixed: Various printing bugfixes (bmo#1676166)
  * fixed: Visual consistency and theme improvements
    (bmo#1682808)
  MFSA 2021-02 (bsc#1180623)
  * CVE-2020-16044 (bmo#1683964)
    Use-after-free write when handling a malicious COOKIE-ECHO
    SCTP chunk
-------------------------------------------------------------------
Tue Dec 15 13:53:59 UTC 2020 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 78.6
  * new: MailExtensions: Added
    browser.windows.openDefaultBrowser() (bmo#1664708)
  * changed: Thunderbird now only shows quota exceeded
    indications on the main window (bmo#1671748)
  * changed: MailExtensions: menus API enabled in messages being
    composed (bmo#1670832)
  * changed: MailExtensions: Honor allowScriptsToClose argument
    in windows.create API function (bmo#1675940)
  * changed: MailExtensions: APIs that returned an accountId will
    reflect the account the message belongs to, not what is
    stored in message headers (bmo#1644032)
  * fixed: Keyboard shortcut for toggling message "read" status
    not shown in menus (bmo#1619248)
  * fixed: OpenPGP: After importing a secret key, Key Manager
    displayed properties of the wrong key (bmo#1667054)
  * fixed: OpenPGP: Inline PGP parsing improvements (bmo#1660041)
  * fixed: OpenPGP: Discovering keys online via Key Manager
    sometimes failed on Linux (bmo#1634053)
  * fixed: OpenPGP: Encrypted attachment "Decrypt and Open/Save
    As" did not work (bmo#1663169)
  * fixed: OpenPGP: Importing keys failed on macOS (bmo#1680757)
  * fixed: OpenPGP: Verification of clear signed UTF-8 text
    failed (bmo#1679756)
  * fixed: Address book: Some columns incorrectly displayed no
    data (bmo#1631201)
  * fixed: Address book: The address book view did not update
    after changing the name format in the menu (bmo#1678555)
  * fixed: Calendar: Could not import an ICS file into a CalDAV
    calendar (bmo#1652984)
  * fixed: Calendar: Two "Home" calendars were visible on a new
    profile (bmo#1656782)
  * fixed: Calendar: Dark theme was incomplete on Linux
    (bmo#1655543)
  * fixed: Dark theme did not apply to new mail notification
    popups (bmo#1681083)
  * fixed: Folder icon, message list, and contact side bar visual
    improvements (bmo#1679436)
  * fixed: MailExtensions: HTTP refresh in browser content tabs
    did not work (bmo#1667774)
  * fixed: MailExtensions: messageDisplayScripts failed to run in
    main window (bmo#1674932)
  * fixed: Various security fixes
  MFSA 2020-56 (bsc#1180039)
  * CVE-2020-16042 (bmo#1679003)
    Operations on a BigInt could have caused uninitialized memory
    to be exposed
  * CVE-2020-26971 (bmo#1663466)
    Heap buffer overflow in WebGL
  * CVE-2020-26973 (bmo#1680084)
    CSS Sanitizer performed incorrect sanitization
  * CVE-2020-26974 (bmo#1681022)
    Incorrect cast of StyleGenericFlexBasis resulted in a heap
    use-after-free
  * CVE-2020-26978 (bmo#1677047)
    Internal network hosts could have been probed by a malicious
    webpage
  * CVE-2020-35111 (bmo#1657916)
    The proxy.onRequest API did not catch view-source URLs
  * CVE-2020-35112 (bmo#1661365)
    Opening an extension-less download may have inadvertently
    launched an executable instead
  * CVE-2020-35113 (bmo#1664831, bmo#1673589)
    Memory safety bugs fixed in Thunderbird 78.6
-------------------------------------------------------------------
Wed Dec  2 13:48:45 UTC 2020 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 78.5.1
  * new: OpenPGP: Added option to disable email subject
    encryption (bmo#1666073)
  * changed: OpenPGP public key import now supports multi-file
    selection and bulk accepting imported keys (bmo#1665145)
  * changed: MailExtensions: getComposeDetails will wait for
    "compose-editor-ready" event (bmo#1675012)
  * fixed: New mail icon was not removed from the system tray at
    shutdown (bmo#1664586)
  * fixed: "Place replies in the folder of the message being
    replied to" did not work when using "Reply to List"
    (bmo#522450)
  * fixed: Thunderbird did not honor the "Run search on server"
    option when searching messages (bmo#546925)
  * fixed: Highlight color for folders with unread messages
    wasn't visible in dark theme (bmo#1676697)
  * fixed: OpenPGP: Key were missing from Key Manager
    (bmo#1674521)
  * fixed: OpenPGP: Option to import keys from clipboard always
    disabled (bmo#1676842)
  * fixed: The "Link" button on the large attachments info bar
    failed to open up Filelink section in Options if the user had
    not yet configured Filelink (bmo#1677647)
  * fixed: Address book: Printing members of a mailing list
    resulted in incorrect output (bmo#1676859)
  * fixed: Unable to connect to LDAP servers configured with a
    self-signed SSL certificate (bmo#1659947)
  * fixed: Autoconfig via LDAP did not work as expected
    (bmo#1662433)
  * fixed: Calendar: Pressing Ctrl-Enter in the new event dialog
    would create duplicate events (bmo#1668478)
  * fixed: Various security fixes
  MFSA 2020-53 (bsc#1179530)
  * CVE-2020-26970 (bmo#1677338)
    Stack overflow due to incorrect parsing of SMTP server
    response codes
-------------------------------------------------------------------
Thu Nov 19 14:58:26 UTC 2020 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 78.5.0
  * new: OpenPGP: Added option to disable attaching the public
    key to a signed message (bmo#1654950)
  * new: MailExtensions: "compose_attachments" context added to
    Menus API (bmo#1670822)
  * new: MailExtensions: Menus API now available on displayed
    messages (bmo#1670825)
  * changed: MailExtensions: browser.tabs.create will now wait
    for "mail-delayed-startup-finished" event (bmo#1674407)
  * fixed: OpenPGP: Support for inline PGP messages improved
    (bmo#1672851)
  * fixed: OpenPGP: Message security dialog showed unverified
    keys as unavailable (bmo#1675285)
  * fixed: Chat: New chat contact menu item did not function
    (bmo#1663321)
  * fixed: Various theme and usability improvements (bmo#1673861)
  * fixed: Various security fixes
  MFSA 2020-52 (bsc#1178894)
  * CVE-2020-26951 (bmo#1667113)
    Parsing mismatches could confuse and bypass security
    sanitizer for chrome privileged code
  * CVE-2020-16012 (bmo#1642028)
    Variable time processing of cross-origin images during
    drawImage calls
  * CVE-2020-26953 (bmo#1656741)
    Fullscreen could be enabled without displaying the security UI
  * CVE-2020-26956 (bmo#1666300)
    XSS through paste (manual and clipboard API)
  * CVE-2020-26958 (bmo#1669355)
    Requests intercepted through ServiceWorkers lacked MIME type
    restrictions
  * CVE-2020-26959 (bmo#1669466)
    Use-after-free in WebRequestService
  * CVE-2020-26960 (bmo#1670358)
    Potential use-after-free in uses of nsTArray
  * CVE-2020-15999 (bmo#1672223)
    Heap buffer overflow in freetype
  * CVE-2020-26961 (bmo#1672528)
    DoH did not filter IPv4 mapped IP Addresses
  * CVE-2020-26965 (bmo#1661617)
    Software keyboards may have remembered typed passwords
  * CVE-2020-26966 (bmo#1663571)
    Single-word search queries were also broadcast to local
    network
  * CVE-2020-26968 (bmo#1551615, bmo#1607762, bmo#1656697,
    bmo#1657739, bmo#1660236, bmo#1667912, bmo#1671479,
    bmo#1671923)
    Memory safety bugs fixed in Thunderbird 78.5
-------------------------------------------------------------------
Mon Nov 16 08:46:08 UTC 2020 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 78.4.3 
  * fixed: User interface was inconsistent when switching from
    the default theme to the dark theme and back to the default
    theme (bmo#1659282)
  * fixed: Email subject would disappear when hovering over it
    with the mouse when using Windows 7 Classic theme
    (bmo#1675970)
-------------------------------------------------------------------
Tue Nov 10 09:42:42 UTC 2020 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 78.4.2 
  MFSA 2020-49 (bsc#1178611)
  * CVE-2020-26950 (bmo#1675905)
    Write side effects in MCallGetProperty opcode not accounted
    for
- Mozilla Thunderbird 78.4.1
  * new: Thunderbird prompts for an address to use when starting
    an email from an address book entry with multiple addresses
    (bmo#84028)
  * fixed: Searching global search results did not work
    (bmo#1664761)
  * fixed: Link location was not focused by default when adding a
    hyperlink in message composer (bmo#1670660)
  * fixed: Advanced address book search dialog was unusable
    (bmo#1668147)
  * fixed: Encrypted draft reply emails lost "Re:" prefix
    (bmo#1661510)
  * fixed: Replying to a newsgroup message did not open the
    compose window (bmo#1672667)
  * fixed: Unable to delete multiple newsgroup messages
    (bmo#1657988)
  * fixed: Appmenu displayed visual glitches (bmo#1636243)
  * fixed: Visual glitches when selecting multiple messages in
    the message pane and using Ctrl+click (bmo#1671800)
  * fixed: Switching between dark and light mode could lead to
    unreadable text on macOS (bmo#1668989)
-------------------------------------------------------------------
Thu Oct 22 07:09:31 UTC 2020 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 78.4
  * new: MailExtensions: browser.tabs.sendMessage API added
    (bmo#1641576)
  * new: MailExtensions: messageDisplayScripts API added
    (bmo#1504475)
  * changed: Yahoo and AOL mail users using password
    authentication will be migrated to OAuth2 (bmo#1606339)
  * changed: MailExtensions: messageDisplay APIs extended to
    support multiple selected messages (bmo#1617461)
  * changed: MailExtensions: compose.begin functions now support
    creating a message with attachments (bmo#1662018)
  * fixed: Thunderbird could freeze when updating global search
    index (bmo#1669872)
  * fixed: Multiple issues with handling of self-signed SSL
    certificates addressed (bmo#1590474)
  * fixed: Recipient address fields in compose window could
    expand to fill all available space (bmo#1666463)
  * fixed: Inserting emoji characters in message compose window
    caused unexpected behavior (bmo#1638874)
  * fixed: Button to restore default folder icon color was not
    keyboard accessible (bmo#1663075)
  * fixed: Various keyboard navigation fixes (bmo#1667567)
  * fixed: Various color-related theme fixes (bmo#1668410)
  * fixed: MailExtensions: Updating attachments with
    onBeforeSend.addListener() did not work (bmo#1662015)
  MFSA 2020-47 (bsc#1177977)
  * CVE-2020-15969 (bmo#1666570, https://github.com/sctplab/
    usrsctp/commit/ffed0925f27d404173c1e3e750d818f432d2c019)
    Use-after-free in usersctp
  * CVE-2020-15683 (bmo#1576843, bmo#1656987, bmo#1660954,
    bmo#1662760, bmo#1663439, bmo#1666140)
    Memory safety bugs fixed in Thunderbird 78.4
-------------------------------------------------------------------
Mon Oct 19 06:02:43 UTC 2020 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 78.3.3
  * OpenPGP: Improved support for encrypting with subkeys
    (bmo#1665497)
  * OpenPGP message status icons were not visible in
    message header pane (bmo#1670067)
  * OpenPGP Key Manager was missing from Tools menu on
    macOS (bmo#1662279)
  * Creating a new calendar event did not require an event
    title (bmo#1663303)
-------------------------------------------------------------------
Wed Oct 14 14:12:58 UTC 2020 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 78.3.2 (bsc#1176899)
  * OpenPGP: Improved support for encrypting with subkeys
  * OpenPGP: Encrypted messages with international characters were
    sometimes displayed incorrectly
  * Single-click deletion of recipient pills with middle mouse
    button restored
  * Searching an address book list did not display results
  * Dark mode, high contrast, and Windows theming fixes
- Mozilla Thunderbird 78.3.1
  * fix crash in nsImapProtocol::CreateNewLineFromSocket (bmo#1667120)
- Mozilla Thunderbird 78.3.0
  MFSA 2020-44 (bsc#1176756)
  * CVE-2020-15677 (bmo#1641487)
    Download origin spoofing via redirect
  * CVE-2020-15676 (bmo#1646140)
    XSS when pasting attacker-controlled data into a
    contenteditable element
  * CVE-2020-15678 (bmo#1660211)
    When recursing through layers while scrolling, an iterator
    may have become invalid, resulting in a potential use-after-
    free scenario
  * CVE-2020-15673 (bmo#1648493, bmo#1660800)
    Memory safety bugs fixed in Thunderbird 78.3
- requires NSPR >= 4.25.1
- removed obsolete thunderbird-bmo1664607.patch
- Mozilla Thunderbird 78.2.2
  https://www.thunderbird.net/en-US/thunderbird/78.2.2/releasenotes
- added thunderbird-bmo1664607.patch required for builds w/o updater
  (boo#1176384)
- Mozilla Thunderbird 78.2.1 (bsc#1174230)
  * based on Mozilla's 78 ESR codebase
  * many new and changed features
    https://www.thunderbird.net/en-US/thunderbird/78.0/releasenotes/#whatsnew
  * built-in OpenPGP support (enigmail neither required nor supported)
- added platform patches:
  * mozilla-s390x-skia-gradient.patch
  * mozilla-pipewire-0-3.patch
  * mozilla-bmo1512162.patch
  * mozilla-bmo1626236.patch
  * mozilla-bmo998749.patch
  * mozilla-sandbox-fips.patch
  * thunderbird-remove-python2.patch
- removed obsolete platform patches
  * mozilla-s390-bigendian.patch
  * mozilla-nestegg-big-endian.patch
  * mozilla-openaes-decl.patch
  * mozilla-cubeb-noreturn.patch
-------------------------------------------------------------------
Mon Aug 31 16:56:03 UTC 2020 - Charles Robertson <cgrobertson@suse.com>
- Mozilla Thunderbird 68.12
  *fixed: Various security vulnerabilities
  MFSA 2020-40 (bsc#1175686)
  * CVE-2020-15663 (bmo#1643199)
    Downgrade attack on the Mozilla Maintenance Service could
    have resulted in escalation of privilege
  * CVE-2020-15664 (bmo#1658214)
    Attacker-induced prompt for extension installation
  * CVE-2020-15669 (bmo#1656957)
    Use-After-Free when aborting an operation
-------------------------------------------------------------------
Fri Jul 31 12:38:06 UTC 2020 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 68.11
  * fixed: FileLink attachments included as a link and file when
    added from a network drive via drag & drop (bmo#793118)
  * fixed: Various security fixes
  MFSA 2020-35 (bsc#1174538)
  * CVE-2020-15652 (bmo#1634872)
    Potential leak of redirect targets when loading scripts in a
    worker
  * CVE-2020-6514 (bmo#1642792)
    WebRTC data channel leaks internal address to peer
  * CVE-2020-6463 (bmo#1635293)
    Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture
  * CVE-2020-15659 (bmo#1550133, bmo#1633880, bmo#1646787,
    bmo#1650811)
    Memory safety bugs fixed in Thunderbird 68.11
-------------------------------------------------------------------
Fri Jul  3 07:30:50 UTC 2020 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 68.10.0
  * fixed: Chat: Topics displayed some characters improperly
    (bmo#1644024)
  * fixed: Calendar: Filtering tasks did not work when
    "Incomplete Tasks" was selected (bmo#1593711)
  MFSA 2020-26 (bsc#1173576)
  * CVE-2020-12417 (bmo#1640737)
    Memory corruption due to missing sign-extension for ValueTags
    on ARM64
  * CVE-2020-12418 (bmo#1641303)
    Information disclosure due to manipulated URL object
  * CVE-2020-12419 (bmo#1643874)
    Use-after-free in nsGlobalWindowInner
  * CVE-2020-12420 (bmo#1643437)
    Use-After-Free when trying to connect to a STUN server
  * MFSA-2020-0001 (bmo#1606610)
    Automatic account setup leaks Microsoft Exchange login
    credentials
  * CVE-2020-12421 (bmo#1308251)
    Add-On updates did not respect the same certificate trust
    rules as software updates
-------------------------------------------------------------------
Thu Jun  4 09:46:03 UTC 2020 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 68.9.0
  * fixed: Custom headers added for searching or filtering could
    not be removed (bmo#1631577)
  * fixed: Calendar: Today Pane updated prior to loading all data
    (bmo#1635613)
  * fixed: Stability improvements (bmo#1625677)
  * fixed: Various security fixes
  MFSA 2020-22 (bsc#1172402)
  * CVE-2020-12405 (bmo#1631618)
    Use-after-free in SharedWorkerService
  * CVE-2020-12406 (bmo#1639590)
    JavaScript Type confusion with NativeTypes
  * CVE-2020-12410 (bmo#1619305, bmo#1632717)
    Memory safety bugs fixed in Thunderbird 68.9.0
  * CVE-2020-12398 (bmo#1613623)
    Security downgrade with IMAP STARTTLS leads to information
    leakage
-------------------------------------------------------------------
Mon May 25 06:51:16 UTC 2020 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 68.8.1
  * fixed: IMAP stability improvements (bmo#1586494)
  * fixed: HTML tags in IRC topic changes were rendered
    incorrectly (bmo#1607097)
  * fixed: MailExtensions: Websockets could not be used
    (bmo#1627649)
- Use a symbolic icon from branding internals
-------------------------------------------------------------------
Wed May  6 10:46:27 UTC 2020 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 68.8.0
  * fixed: Account Manager: text fields were too small in some
    cases (bmo#1616387)
  * fixed: Account Manager: Authentication method did not update
    when selecting an SMTP server (bmo#1631437)
  * fixed: Links with embedded credentials did not open on
    Windows (bmo#1609451)
  * fixed: Messages were sometimes sent with a badly formed
    address when filled from the address book (bmo#1629842)
  * fixed: Accessibility: Screen readers were reporting too many
    activities from the status bar (bmo#1628891)
  * fixed: MailExtensions: Setting IMAP messages as read with
    browser.messages.updated failed to persist (bmo#1631184)
  * fixed: Various security fixes
  MFSA 2020-18 (bsc#1171186)
  * CVE-2020-12397 (bmo#1617370)
    Sender Email Address Spoofing using encoded Unicode
    characters
  * CVE-2020-12387 (bmo#1545345)
    Use-after-free during worker shutdown
  * CVE-2020-6831 (bmo#1632241)
    Buffer overflow in SCTP chunk input validation
  * CVE-2020-12392 (bmo#1614468)
    Arbitrary local file access with 'Copy as cURL'
  * CVE-2020-12393 (bmo#1615471)
    Devtools' 'Copy as cURL' feature did not fully escape
    website-controlled data, potentially leading to command
    injection
  * CVE-2020-12395 (bmo#1595886, bmo#1611482, bmo#1614704,
    bmo#1624098, bmo#1625749, bmo#1626382, bmo#1628076,
    bmo#1631508)
    Memory safety bugs fixed in Thunderbird 68.8.0
-------------------------------------------------------------------
Tue Apr 14 07:32:13 UTC 2020 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 68.7.0
  * new: MailExtensions: Raw message source available to
    MailExtensions (bmo#1525274)
  * changed: MailExtensions: messages.update function extended to
    mark messages as junk or not junk (bmo#1598332)
  * changed: MailExtensions: browser.compose.begin functions no
    longer expand mailing lists (bmo#1612480)
  * fixed: Various improvements to account setup when connecting
    to an Exchange server (bmo#1598861)
  * fixed: Thread collapsed when opening news message in a new
    window (bmo#1526765)
  * fixed: Addons not automatically updated to compatible version
    after upgrade from Thunderbird 60 (bmo#1574183)
  * fixed: Updating addons did not prompt when requesting new
    permissions (bmo#1620861)
  * fixed: Extra recipients panel not keyboard-accessible
    (bmo#1612717)
  * fixed: Accessibility: Status bar was not detected by
    screenreaders (bmo#1621287)
  * fixed: MailExtensions: messages.query by folder name did not
    require accountsRead permission (bmo#1625793)
  * fixed: Calendar: Invitations with embedded null bytes did not
    always decode correctly (bmo#1623896)
  * fixed: Calendar: Cancelled events didn't show with a line-
    through (bmo#1621210)
  * fixed: Various security fixes
  MFSA 2020-14 (bsc#1168874)
  In general, these flaws cannot be exploited through email in 
  Thunderbird because scripting is disabled when reading mail, but
  are potentially risks in browser or browser-like contexts.
  * CVE-2020-6819 (bmo#1620818, bsc#1168630)
    Use-after-free while running the nsDocShell destructor
  * CVE-2020-6820 (bmo#1626728, bsc#1168630)
    Use-after-free when handling a ReadableStream
  * CVE-2020-6821 (bmo#1625404, bsc#1168874)
    Uninitialized memory could be read when using the WebGL
    copyTexSubImage method
  * CVE-2020-6822 (bmo#1544181, bsc#1168874)
    Out of bounds write in GMPDecodeData when processing large images
  * CVE-2020-6825 (bmo#1572541,bmo#1620193,bmo#1620203, bsc#1168874)
    Memory safety bugs fixed in Thunderbird 68.7.0
-------------------------------------------------------------------
Fri Mar 13 07:48:08 UTC 2020 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 68.6
  * new: Thunderbird now displays a popup window when starting up
    on a new profile (bmo#1590036)
  * changed: Thunderbird now provides partial updates resulting
    in smaller downloads (bmo#1410512)
  * fixed: Searching in message bodies led to false negatives
    under some circumstances in quoted-printable encoded HTML
    bodies (bmo#1614796)
  * fixed: "Get New Messages for All Accounts" not working for
    OAuth2-authenticated IMAP accounts (bmo#1593611)
  * fixed: Various security fixes
  MFSA 2020-10 (bsc#1166238)
  * CVE-2020-6805 (bmo#1610880)
    Use-after-free when removing data about origins
  * CVE-2020-6806 (bmo#1612308)
    BodyStream::OnInputStreamReady was missing protections
    against state confusion
  * CVE-2020-6807 (bmo#1614971)
    Use-after-free in cubeb during stream destruction
  * CVE-2020-6811 (bmo#1607742)
    Devtools' 'Copy as cURL' feature did not fully escape
    website-controlled data, potentially leading to command
    injection
  * CVE-2019-20503 (bmo#1613765)
    Out of bounds reads in sctp_load_addresses_from_init
  * CVE-2020-6812 (bmo#1616661)
    The names of AirPods with personally identifiable information
    were exposed to websites with camera or microphone permission
  * CVE-2020-6814 (bmo#1592078, bmo#1604847, bmo#1608256,
    bmo#1612636, bmo#1614339)
    Memory safety bugs fixed in Thunderbird 68.6
-------------------------------------------------------------------
Thu Feb 13 19:25:40 UTC 2020 - Charles Robertson <cgrobertson@suse.com>
- Mozilla Thunderbird 68.5
  * new: Support for Client Identity IMAP/SMTP Service Extension
    (bmo#1532388)
  * new: Support for OAuth 2.0 authentication for POP3 accounts
    (bmo#1538409)
  * fixed: Status area goes blank during account setup
    (bmo#1593122)
  * fixed: Calendar: Could not remove color for default
    categories (bmo#1584853)
  * fixed: Calendar: Prevent calendar component loading multiple
    times (bmo#1606375)
  * fixed: Calendar: Today pane did not retain width between
    sessions (bmo#1610207)
  * fixed: Various <a href="https://www.mozilla.org/en-
    US/security/known-
    vulnerabilities/thunderbird/#thunderbird68.5">security
    fixes</a>
  * unresolved: When upgrading from Thunderbird version 60 to
    version 68, add-ons are not automatically updated during the
    upgrade process. They will however be updated during the add-
    on update check. It is of course possible to reinstall
    compatible add-ons via the Add-ons Manager or via
    addons.thunderbird.net. (bmo#1574183)
  MFSA 2020-07 (bsc#1163368)
  * CVE-2020-6793 (bmo#1608539)
    Out-of-bounds read when processing certain email messages
  * CVE-2020-6794 (bmo#1606619)
    Setting a master password post-Thunderbird 52 does not delete
    unencrypted previously stored passwords
  * CVE-2020-6795 (bmo#1611105)
    Crash processing S/MIME messages with multiple signatures
  * CVE-2020-6797 (bmo#1596668)
    Extensions granted downloads.open permission could open
    arbitrary applications on Mac OSX
  * CVE-2020-6798 (bmo#1602944)
    Incorrect parsing of template tag could result in JavaScript
    injection
  * CVE-2020-6792 (bmo#1609607)
    Message ID calculcation was based on uninitialized data
  * CVE-2020-6800 (bmo#1595786, bmo#1596706, bmo#1598543,
    bmo#1604851, bmo#1605777, bmo#1608580, bmo#1608785)
    Memory safety bugs fixed in Thunderbird 68.5
-------------------------------------------------------------------
Mon Jan 27 07:50:05 UTC 2020 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 68.4.2 (bsc#1162777)
  * changed: Calendar: Task and Event tree colours adjusted for
    the dark theme (bmo#1608344)
  * fixed: Retrieval of S/MIME certificates from LDAP failed
    (bmo#1604773)
  * fixed: Address-parsing crash on some IMAP servers when
    preference mail.imap.use_envelope_cmd was set (bmo#1609690)
  * fixed: Incorrect forwarding of HTML messages caused SMTP
    servers to respond with a timeout (bmo#1222046)
  * fixed: Calendar: Various parts of the calendar UI stopped
    working when a second Thunderbird window opened (bmo#1608407)
-------------------------------------------------------------------
Fri Jan 10 07:30:13 UTC 2020 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 68.4.1 
  * changed: Various improvements when setting up an account for
    a Microsoft Exchange server: Now offers IMAP/SMTP if
    available, better detection for Office 365 accounts; re-run
    configuration after password change. (bmo#1592258)
  * fixed: Attachments with one or more spaces in their names
    couldn't be opened under some circumstances (bmo#1601905)
  * fixed: After changing view layout, the message display pane
    showed garbled content under some circumstances (bmo#265393)
  * fixed: Tags were lost on messages in shared IMAP folders
    under some circumstances (bmo#1596371)
  * fixed: Various theme changes to achieve "pixel perfection":
    Unread icon, "no results" icon, paragraph format and font
    selector, background of folder summary tooltip (bmo#1605612)
  * fixed: Calendar: Event attendee dialog was not displayed
    correctly (bmo#1604797)
  * fixed: Various security fixes
  MFSA 2020-04 (bsc#1160305, bsc#1160498)
  * CVE-2019-17026 (bmo#1607443)
    IonMonkey type confusion with StoreElementHole and
    FallibleStoreElement
  * CVE-2019-17015 (bmo#1599005)
    Memory corruption in parent process during new content
    process initialization on Windows
  * CVE-2019-17016 (bmo#1599181)
    Bypass of @namespace CSS sanitization during pasting
  * CVE-2019-17017 (bmo#1603055)
    Type Confusion in XPCVariant.cpp
  * CVE-2019-17021 (bmo#1599008)
    Heap address disclosure in parent process during content
    process initialization on Windows
  * CVE-2019-17022 (bmo#1602843)
    CSS sanitization does not escape HTML tags
  * CVE-2019-17024 (bmo#1507180, bmo#1595470, bmo#1598605,
    bmo#1601826)
    Memory safety bugs fixed in Thunderbird 68.4.1
- Removed patch that is now upstream: mozilla-bmo1511604.patch
- Added patch to fix broken URL-bar on s390x:
  mozilla-bmo1602730.patch
-------------------------------------------------------------------
Tue Dec 17 11:41:06 UTC 2019 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 68.3.1
  * changed: In dark theme unread messages no longer shown in
    blue to distinguish from tagged messages (bmo#1596702)
  * changed: Account setup is now using client side DNS MX lookup
    instead of relying on a server. (bmo#1349337)
  * fixed: Searching LDAP address book crashed in some
    circumstances (bmo#1601389)
  * fixed: Message navigation with backward and forward buttons
    did not work in some circumstances (bmo#533504)
  * fixed: WebExtension toolbar icons were displayed too small
    (bmo#1598955)
  * fixed: Calendar: Tasks due today were not listed in bold
    (bmo#1598885)
  * fixed: Calendar: Last day of long-running events was not
    shown (bmo#1572964)
-------------------------------------------------------------------
Wed Dec  4 07:08:52 UTC 2019 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Firefox Thunderbird 68.3
  * new: Message display toolbar action WebExtension API
    (bmo#1531597)
  * new: Navigation buttons are now available in content tabs,
    for example those opened via an add-on search (bmo#787683)
  * changed: "New email" icon in Windows systray changed from in-
    tray with arrow to envelope (bmo#1594200)
  * fixed: Icons of attachments in the attachment pane of the
    Write window not always correct (bmo#1593280)
  * fixed: Toolbar buttons of add-ons in the menubar not shown
    after startup (bmo#1584160)
  * fixed: LDAP lookup not working when SSL was enabled. LDAP
    search not working when "All Address Books" was selected.
    (bmo#1576364)
  * fixed: Scam link confirmation panel not working (bmo#1596413)
  * fixed: In Write window, the Link Properties dialog wasn't
    showing named anchors in context menu (bmo#1593629)
  * fixed: Calendar: Start-up failed if the application menu is
    not on the calendar toolbars (bmo#1588516)
  * fixed: Chat: Account reordering via drag-and-drop not working
    on Instant messaging status dialog (Show Accounts)
    (bmo#1591505)
  MFSA 2019-37 (bsc#1158328)
  * CVE-2019-17008 (bmo#1546331)
    Use-after-free in worker destruction
  * CVE-2019-13722 (bmo#1580156)
    Stack corruption due to incorrect number of arguments in
    WebRTC code
  * CVE-2019-11745 (bmo#1586176)
    Out of bounds write in NSS when encrypting with a block
    cipher
  * CVE-2019-17009 (bmo#1510494)
    Updater temporary files accessible to unprivileged processes
  * CVE-2019-17010 (bmo#1581084)
    Use-after-free when performing device orientation checks
  * CVE-2019-17005 (bmo#1584170)
    Buffer overflow in plain text serializer
  * CVE-2019-17011 (bmo#1591334)
    Use-after-free when retrieving a document in antitracking
  * CVE-2019-17012 (bmo#1449736, bmo#1533957, bmo#1560667,
    bmo#1567209, bmo#1580288, bmo#1585760, bmo#1592502)
    Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3
-------------------------------------------------------------------
Tue Nov 26 08:29:26 UTC 2019 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Remove patch thunderbird-broken-locales-build.patch due to
  switch to a different method for building locales
- Added patch mozilla-bmo849632.patch to fix some webgl-problems
  on big endian machines (sync from FF)
-------------------------------------------------------------------
Mon Nov  4 07:16:48 UTC 2019 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 68.2.1 
  * new: A language for the user interface can now be chosen in
    the advanced settings (multilingual UI) (bmo#1590206)
  * fixed: Problem with Google authentication (OAuth2)
    (bmo#1592407)
  * fixed: Selected or unread messages not shown in the correct
    color in the thread pane (message list) under some
    circumstances (bmo#1585765)
  * fixed: When using a language pack, names of standard folders
    weren't localized (bmo#1575512, boo#1149126)
  * fixed: Address book default startup directory in preferences
    panel not persisted (bmo#1591364)
  * fixed: Various visual glitches: Conditions in filter editor
    not high enough, folder location widget not showing folder
    name, problem with menubar customization, add-on home page
    links accumulating, theme issues on Windows 7 (bmo#1590666)
  * fixed: Issues when upgrading from a 32bit version of
    Thunderbird to a 64bit version. Note: If your profile is
    still not recognised, selected it by visiting about:profiles
    in the Troubleshooting Information. (bmo#1587067)
  * fixed: Chat: Extended context menu on Instant messaging
    status dialog (Show Accounts) (bmo#1591506)
- added mozilla-bmo1504834-part4.patch to fix some visual issues 
  on big endian platforms
-------------------------------------------------------------------
Wed Oct 23 12:51:22 UTC 2019 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 68.2
  * new: Message Display WebExtension API
  * new: Message Search WebExtension API
  * Bugfixes
    Better visual feedback for unread messages when using the 
    dark theme
    Various issues when editing mailing lists
    Integration with macOS addressbook and notifications not working 
    after introduction of notarization
    Application windows not maintaining their size after restart
    Issues when upgrading from a 32bit version of Thunderbird to a 
    64bit version. 
  * various security fixes
  MFSA 2019-33/2019-35 (bsc#1154738)
  * CVE-2019-15903 (bmo#1584907)
    Heap overflow in expat library in XML_GetCurrentLineNumber
  * CVE-2019-11757 (bmo#1577107)
    Use-after-free when creating index updates in IndexedDB
  * CVE-2019-11758 (bmo#1536227)
    Potentially exploitable crash due to 360 Total Security
  * CVE-2019-11759 (bmo#1577953)
    Stack buffer overflow in HKDF output
  * CVE-2019-11760 (bmo#1577719)
    Stack buffer overflow in WebRTC networking
  * CVE-2019-11761 (bmo#1561502)
    Unintended access to a privileged JSONView object
  * CVE-2019-11762 (bmo#1582857)
    document.domain-based origin isolation has same-origin-
    property violation
  * CVE-2019-11763 (bmo#1584216)
    Incorrect HTML parsing results in XSS bypass technique
  * CVE-2019-11764 (bmo#1548044, bmo#1558522, bmo#1571223,
    bmo#1573048, bmo#1575217, bmo#1577061, bmo#1578933,
    bmo#1581950, bmo#1583463, bmo#1583684, bmo#1586599,
    bmo#1586845)
    Memory safety bugs fixed in Thunderbird 68.2
- removed upstream patches:
  * mozilla-bmo1512162.patch
  * mozilla-bmo1573381.patch
  * mozilla-bmo1585099.patch
-------------------------------------------------------------------
Mon Oct 14 08:28:18 UTC 2019 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 68.1.2 (bsc#1153879)
  Bugfixes
  * Some attachments couldn't be opened in messages originating from
    MS Outlook 2016
  * Address book import from CSV
  * Performance problem in message body search
  * Ctrl+Enter to send a message would open an attachment if the
    attachment pane had focus
  * Calendar: Issues with "Today Pane" start-up
  * Calendar: Glitches with custom repeat and reminder number input
  * Calendar: Problems with WCAP provider
- add mozilla-bmo1585099.patch to fix build with rust >= 1.38 
- add mozilla-fix-top-level-asm.patch to fix LTO build (w/o PGO)
- updated translations-other locale list
- remove kde.js since disabling instantApply breaks extensions and
  is obsolete with the move to HTML views for preferences (boo#1151186)
- Update create-tar.sh (bsc#1152778)
- Update mozilla-bmo1512162.patch to the patch now commited upstream
  * No more -O1 builds for ppc64le necessary
- Deactivate currently useless crashreporter for the last remaining
  arch
-------------------------------------------------------------------
Fri Sep 27 06:58:23 UTC 2019 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 68.1.1
  Bugfixes
  * Issues with attachments in IMAP messages
  * Gmail accounts ignored a non-standard trash folder selection
  * Entering/pasting lists of recipients into the addressing widget or
    mailing list not working reliably, especially when lists contained
    multiple commas or semicolons
  * Edit mailing list not working
  * Various theme fixes, especially dark theme improvements for Calendar
  * Contrast between tag label and background not optimal
  * Account Central pane always loaded at start-up
  * "Config Editor" button not removed if blocked by policy
  * Calendar: Free/busy information in attendees dialog not scrolled
    correctly. Note: Scroll arrows still not behaving correctly
  MFSA 2019-32
  * CVE-2019-11755 (bmo#1240290)
    Spoofing a message author via a crafted S/MIME message
-------------------------------------------------------------------
Thu Sep 12 10:58:39 UTC 2019 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 68.1.0
  * Offer to configure Exchange accounts for Office365. A third-
    party add-on is required for this account type.
    IMAP still exists as alternative.
  * Edit tag not working
  * Write window: "Insert > Characters and Symbols" not working
  * Moving/dragging messages from "Search Messages" result
    dialog not working
  * Command line -compose "attachment=" not working
  * Custom views not working
  * Issues with list of content types/actions for incoming attachments
  * "Learn More" links in Error Console not working
  * Visual glitches: Quick Filter Bar tag buttons too tall, missing
    scroll bar on Connection Setting subdialog, LDAP server
    selection after "New", "Edit" and "Delete"
  * Calendar: Parts of CalDAV dialog not working
  MFSA 2019-30
  * CVE-2019-11739 (bmo#1571481, bsc#1150939)
    Covert Content Attack on S/MIME encryption using a crafted
    multipart/alternative message
  * CVE-2019-11746 (bmo#1564449, bsc#1149297)
    Use-after-free while manipulating video
  * CVE-2019-11744 (bmo#1562033, bsc#1149304)
    XSS by breaking out of title and textarea elements using
    innerHTML
  * CVE-2019-11742 (bmo#1559715, bsc#1149303)
    Same-origin policy violation with SVG filters and canvas to
    steal cross-origin images
  * CVE-2019-11752 (bmo#1501152, bsc#1149296)
    Use-after-free while extracting a key value in IndexedDB
  * CVE-2019-11743 (bmo#1560495, bsc#1149298,
    https://w3c.github.io/navigation-timing)
    Cross-origin access to unload event attributes
  * CVE-2019-11740 (bmo#1563133, bmo#1573160, bsc#1149299)
    Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1,
    Firefox ESR 60.9, Thunderbird 68.1, and Thunderbird 60.9
- Mozilla Thunderbird 68.0
  * based on Firefox ESR 68
  * File link attachments can now be linked to again instead of
    uploading them again
  * Mark all folders of an account as read
  * Run filters periodically. Improved filter logging
  * OAuth2 authentication for Yandex
  * Language packs can now be selected in the Advanced Options.
    Preference intl.multilingual.enabled needs to be set (and possily
    also extensions.langpacks.signatures.required needs to be set to false)
  * Added a policy engine that allows customized Thunderbird deployments
    in enterprise environments, using Windows Group Policy or a
    cross-platform JSON file
  * TCP keepalive for IMAP protocol
  * Full Unicode support for MAPI interfaces: New support for MAPISendMailW
  * Calendar: Time zone data can now include past and future changes.
    All known time zone changes from 2018 to 2022 are included.
  * Chat: In each conversation an individual spellcheck language can
    be selected now
  MFSA 2019-28
  * CVE-2019-11711 (bmo#1552541)
    Script injection within domain through inner window reuse
  * CVE-2019-11712 (bmo#1543804)
    Cross-origin POST requests can be made with NPAPI plugins by
    following 308 redirects
  * CVE-2019-11713 (bmo#1528481)
    Use-after-free with HTTP/2 cached stream
  * CVE-2019-11714 (bmo#1542593)
    NeckoChild can trigger crash when accessed off of main thread
  * CVE-2019-11729 (bmo#1515342)
    Empty or malformed p256-ECDH public keys may trigger a
    segmentation fault
  * CVE-2019-11715 (bmo#1555523)
    HTML parsing error can contribute to content XSS
  * CVE-2019-11716 (bmo#1552632)
    globalThis not enumerable until accessed
  * CVE-2019-11717 (bmo#1548306)
    Caret character improperly escaped in origins
  * CVE-2019-11719 (bmo#1540541)
    Out-of-bounds read when importing curve25519 private key
  * CVE-2019-11720 (bmo#1556230)
    Character encoding XSS vulnerability
  * CVE-2019-11721 (bmo#1256009)
    Domain spoofing through unicode latin 'kra' character
  * CVE-2019-11730 (bmo#1558299)
    Same-origin policy treats all files in a directory as having
    the same-origin
  * CVE-2019-11723 (bmo#1528335)
    Cookie leakage during add-on fetching across private browsing
    boundaries
  * CVE-2019-11724 (bmo#1512511)
    Retired site input.mozilla.org has remote troubleshooting
    permissions
  * CVE-2019-11725 (bmo#1483510)
    Websocket resources bypass safebrowsing protections
  * CVE-2019-11727 (bmo#1552208)
    PKCS#1 v1.5 signatures can be used for TLS 1.3
  * CVE-2019-11728 (bmo#1552993)
    Port scanning through Alt-Svc header
  * CVE-2019-11710 (bmo#1400563, bmo#1507696, bmo#1510345,
    bmo#1533842, bmo#1535482, bmo#1535848, bmo#1537692,
    bmo#1540590, bmo#1544180, bmo#1547472, bmo#1547760,
    bmo#1548611, bmo#1549768, bmo#1551907)
    Memory safety bugs fixed in Firefox 68 and Thunderbird 68
  * CVE-2019-11709 (bmo#1515052, bmo#1533522, bmo#1539219,
    bmo#1540759, bmo#1547266, bmo#1547757, bmo#1548822,
    bmo#1550498, bmo#1550498)
    Memory safety bugs fixed in Firefox 68, Firefox ESR 60.8, and
    Thunderbird 68
- removed patches that are now upstream
  * mozilla-bmo1375074.patch
  * mozilla-i586-DecoderDoctorLogger.patch
  * mozilla-i586-domPrefs.patch
  * mozilla-bmo1464766.patch
  * mozilla-bigendian_bit_flags_alias.patch
- added patch to make builds reproducible
  * mozilla-bmo1568145.patch
- added a bunch of patches mainly for big endian platforms
  * mozilla-bmo1504834-part1.patch
  * mozilla-bmo1504834-part2.patch
  * mozilla-bmo1504834-part3.patch
  * mozilla-bmo1511604.patch
  * mozilla-bmo1512162.patch
  * mozilla-bmo1554971.patch
  * mozilla-bmo1573381.patch
  * mozilla-nestegg-big-endian.patch
  * mozilla-ppc-altivec_static_inline.patch
- added patches to fix build on armv7:
  * mozilla-bmo1463035.patch
  * mozilla-disable-wasm-emulate-arm-unaligned-fp-access.patch
- added patch to fix non-return function
  * mozilla-cubeb-noreturn.patch
- added patch to fix aarch64 build:
  * mozilla-fix-aarch64-libopus.patch (bmo#1539737)
- added patch to reduce build-load
  * mozilla-reduce-rust-debuginfo.patch
- added patch to fix locales-build
  * thunderbird-broken-locales-build.patch
- added patch to fix implicit declarations
  * mozilla-openaes-decl.patch
- added samba-patch from Firefox
  * mozilla-ntlm-full-path.patch
-------------------------------------------------------------------
Fri Jul 12 10:48:09 UTC 2019 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Firefox Thunderbird 60.8
  MFSA 2019-23 (bsc#1140868)
  * CVE-2019-9811 (bmo#1538007, bmo#1539598, bmo#1563327)
    Sandbox escape via installation of malicious language pack
  * CVE-2019-11711 (bmo#1552541)
    Script injection within domain through inner window reuse
  * CVE-2019-11712 (bmo#1543804)
    Cross-origin POST requests can be made with NPAPI plugins by
    following 308 redirects
  * CVE-2019-11713 (bmo#1528481)
    Use-after-free with HTTP/2 cached stream
  * CVE-2019-11729 (bmo#1515342)
    Empty or malformed p256-ECDH public keys may trigger a
    segmentation fault
  * CVE-2019-11715 (bmo#1555523)
    HTML parsing error can contribute to content XSS
  * CVE-2019-11717 (bmo#1548306)
    Caret character improperly escaped in origins
  * CVE-2019-11719 (bmo#1540541)
    Out-of-bounds read when importing curve25519 private key
  * CVE-2019-11730 (bmo#1558299)
    Same-origin policy treats all files in a directory as having
    the same-origin
  * CVE-2019-11709 (bmo#1515052, bmo#1533522, bmo#1539219,
    bmo#1540759, bmo#1547266, bmo#1547757, bmo#1548822,
    bmo#1550498, bmo#1550498)
    Memory safety bugs fixed in Firefox 68, Firefox ESR 60.8, and
    Thunderbird 60.8
- Calendar: Problems when editing event times, some related to 
  AM/PM setting in non-English locales
-------------------------------------------------------------------
Fri Jun 21 07:52:26 UTC 2019 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Firefox Thunderbird 60.7.2
  MFSA 2019-20 (bsc#1138872)
  * CVE-2019-11707 (bmo#1544386)
    Type confusion in Array.pop
  * CVE-2019-11708 (bmo#1559858)
    sandbox escape using Prompt:Open 
-------------------------------------------------------------------
Fri Jun 14 06:28:42 UTC 2019 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Firefox Thunderbird 60.7.1
  MFSA 2019-17 (bsc#1137595)
  * CVE-2019-11703 (bmo#1553820)
    Heap buffer overflow in icalparser.c
  * CVE-2019-11704 (bmo#1553814)
    Heap buffer overflow in icalvalue.c
  * CVE-2019-11705 (bmo#1553808)
    Stack buffer overflow in icalrecur.c
  * CVE-2019-11706 (bmo#1555646)
    Type confusion in icalproperty.c
- No prompt for smartcard PIN when S/MIME signing is used 
- Removed obsolete patches:
    [thunderbird-bsc1137595.patch] 
-------------------------------------------------------------------
Thu Jun 13 06:40:51 UTC 2019 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Fix security vulnerabilities in Thunderbird 60.7 (bsc#1137595)
  * CVE-2019-11706 (bmo#1555646)
  * CVE-2019-11705 (bmo#1553808)
  * CVE-2019-11704 (bmo#1553814)
  * CVE-2019-11703 (bmo#1553820)
- Added patches:
    [thunderbird-bsc1137595.patch] 
-------------------------------------------------------------------
Fri May 24 06:12:38 UTC 2019 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Firefox Thunderbird 60.7
  MFSA 2019-15 
  * CVE-2019-9815 (bmo#1546544, https://mdsattacks.com/)
    Disable hyperthreading on content JavaScript threads on macOS
  * CVE-2019-9816 (bmo#1536768)
    Type confusion with object groups and UnboxedObjects
  * CVE-2019-9817 (bmo#1540221)
    Stealing of cross-domain images using canvas
  * CVE-2019-9818 (bmo#1542581)
    Use-after-free in crash generation server
  * CVE-2019-9819 (bmo#1532553)
    Compartment mismatch with fetch API
  * CVE-2019-9820 (bmo#1536405)
    Use-after-free of ChromeEventHandler by DocShell
  * CVE-2019-11691 (bmo#1542465)
    Use-after-free in XMLHttpRequest
  * CVE-2019-11692 (bmo#1544670)
    Use-after-free removing listeners in the event listener
    manager
  * CVE-2019-11693 (bmo#1532525)
    Buffer overflow in WebGL bufferdata on Linux
  * CVE-2019-7317 (bmo#1542829)
    Use-after-free in png_image_free of libpng library
  * CVE-2019-9797 (bmo#1528909)
    Cross-origin theft of images with createImageBitmap
  * CVE-2018-18511 (bmo#1526218)
    Cross-origin theft of images with ImageBitmapRenderingContext
  * CVE-2019-11694 (bmo#1534196)
    Uninitialized memory memory leakage in Windows sandbox
  * CVE-2019-11698 (bmo#1543191)
    Theft of user history data through drag and drop of
    hyperlinks to and from bookmarks
  * CVE-2019-5798 (bmo#1535518)
    Out-of-bounds read in Skia
  * CVE-2019-9800 (bmo#1499108, bmo#1499719, bmo#1516325,
    bmo#1532465, bmo#1533554, bmo#1534593, bmo#1535194,
    bmo#1535612, bmo#1538042, bmo#1538619, bmo#1538736,
    bmo#1540136, bmo#1540166, bmo#1541580, bmo#1542097,
    bmo#1542324, bmo#1546327)
    Memory safety bugs fixed in Firefox 67, Firefox ESR 60.7, and
    Thunderbird 60.7
- Attachment pane of Write window no longer focussed when attaching files using a keyboard shortcut
-------------------------------------------------------------------
Mon May 20 12:37:25 UTC 2019 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Reactivate s390x 
  * Merged big endian patches from MozillaFirefox to make 
    Thunderbird compile under s390x again (see below)
  * Added ac_option --with-system-icu (same as Firefox, but in 
    this case only for big endian machines as not to break 
    existing archs)
- Added patches:
    [mozilla-bmo1005535.patch]
    [mozilla-bigendian_bit_flags_alias.patch]
    [mozilla-s390-bigendian.patch]
    [mozilla-s390-context.patch]
-------------------------------------------------------------------
Fri May 17 08:32:13 UTC 2019 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Sync with Devel:Mozilla:*:next
-------------------------------------------------------------------
Thu May 16 10:39:55 UTC 2019 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Merge changes from MozillaFirefox
  * Merge spec-file update "Enable Firefox to build with 
    Rust >= 1.30 with fix" (revision 28)
  * Merge create-tar.sh to now download tar-balls for thunderbird 
    directly as is done with Firefox
-------------------------------------------------------------------
Mon Mar 25 12:08:23 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
- Mozilla Thunderbird 60.6.1
  MFSA 2019-12 (bsc#1130262)
  * CVE-2019-9810 (bmo#1537924)
    IonMonkey MArraySlice has incorrect alias information
  * CVE-2019-9813 (bmo#1538006)
    Ionmonkey type confusion with __proto__ mutations
-------------------------------------------------------------------
Wed Mar 20 15:33:14 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
- Mozilla Thunderbird 60.6.0
  * Calendar: Can't create repeating event with end date when using
    certain time zones, for example Europe/Minsk
  * some minor bugfixes
  * using 60.6.0esr Mozilla platform (bsc#1129821)
-------------------------------------------------------------------
Thu Mar  7 08:28:56 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
- Mozilla Thunderbird 60.5.3
  * fixed a regression on the Windows platform:
    Problem when using "Send to > Mail recipient" on Windows
-------------------------------------------------------------------
Sun Feb 24 19:15:06 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
- Mozilla Thunderbird 60.5.2
  * UTF-8 support for MAPISendMail
  * Problem with S/MIME certificate verification when receiving email
    from Outlook (issue introduced in version 60.5.1)
-------------------------------------------------------------------
Thu Feb 14 21:46:45 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
- Mozilla Thunderbird 60.5.1
  * CalDav access to some servers not working
  MFSA 2019-06 (bsc#1125330)
  * CVE-2018-18356 bmo#1525817
    Use-after-free in Skia
  * CVE-2019-5785 bmo#1525433
    Integer overflow in Skia
  * CVE-2018-18335 bmo#1525815
    Buffer overflow in Skia with accelerated Canvas 2D
  * CVE-2018-18509 bmo#1507218
    S/MIME signature spoofing
-------------------------------------------------------------------
Fri Jan 25 14:40:21 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
- Mozilla Thunderbird 60.5.0:
  * FileLink provider WeTransfer to upload large attachments
  * Thunderbird now allows the addition of OpenSearch search engines
    from a local XML file using a minimal user inferface: [+] button
    to select a file an add, [-] to remove.
  * More search engines: Google and DuckDuckGo available by default
    in some locales
  * During account creation, Thunderbird will now detect servers
    using the Microsoft Exchange protocol. It will offer the
    installation of a 3rd party add-on (Owl) which supports that
    protocol.
  * Thunderbird now compatible with other WebExtension-based
    FileLink add-ons like the Dropbox add-on
  MFSA 2019-03 (bsc#1122983)
  * CVE-2018-18500 bmo#1510114
    Use-after-free parsing HTML5 stream
  * CVE-2018-18505 bmo#1497749
    Privilege escalation through IPC channel messages
  * CVE-2016-5824 bmo#1275400
    DoS (use-after-free) via a crafted ics file
  * CVE-2018-18501 bmo#1512450 bmo#1517542 bmo#1513201 bmo#1460619
    bmo#1502871 bmo#1516738 bmo#1516514
    Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5
- requires NSS 3.36.7
- removed obsolete patch
  mozilla-no-stdcxx-check.patch
- rebased patches
-------------------------------------------------------------------
Fri Dec 21 19:50:56 UTC 2018 - astieger@suse.com
- Mozilla Thunderbird 60.4.0:
  * New WebExtensions FileLink API to facilitate add-ons
  * Fix decoding problems for messages with less common charsets
    (cp932, cp936)
  * New messages in the drafts folder (and other special or virtual
    folders) will no longer be included in the new messages
    notification
  MFSA 2018-31
  * CVE-2018-17466 bmo#1488295
    Buffer overflow and out-of-bounds read in ANGLE library with
    TextureStorage11
  * CVE-2018-18492 bmo#1499861
    Use-after-free with select element
  * CVE-2018-18493 bmo#1504452
    Buffer overflow in accelerated 2D canvas with Skia
  * CVE-2018-18494 bmo#1487964
    Same-origin policy violation using location attribute and
    performance.getEntries to steal cross-origin URLs
  * CVE-2018-18498 bmo#1500011
    Integer overflow when calculating buffer sizes for images
  * CVE-2018-12405 bmo#1494752 bmo#1503326 bmo#1505181 bmo#1500759
    bmo#1504365 bmo#1506640 bmo#1503082 bmo#1502013 bmo#1510471
    Memory safety bugs fixed in Firefox 64, 60.4, and Thunderbird 60.4
- requires NSS 3.36.6
-------------------------------------------------------------------
Tue Dec  4 21:04:50 UTC 2018 - Wolfgang Rosenauer <wr@rosenauer.org>
- Mozilla Thunderbird 60.3.3
  * Thunderbird 60 will migrate security databases (key3.db, cert8.db
    to key4.db, cert9.db). Thunderbird 60.3.2 and earlier contained a
    fault that potentially deleted saved passwords and private certificate
    keys for users using a master password. Version 60.3.3 will prevent
    the loss of data; affected users who have already upgraded to version
    60.3.2 or earlier can restore the deleted key3.db file from backup
    to complete the migration.
  * Address book search and auto-complete slowness introduced in
    Thunderbird 60.3.2
  * Plain text markup with * for bold, / for italics, _ for underline
    and | for code did not work when the enclosed text contained
    non-ASCII characters
  * While composing a message, a link not removed when link location
    was removed in the link properties panel
-------------------------------------------------------------------
Mon Dec  3 12:57:01 UTC 2018 - astieger@suse.com
- Fix build on openSUSE Leap 15.x w.r.t. rust-std requirement
-------------------------------------------------------------------
Thu Nov 29 08:47:10 UTC 2018 - Wolfgang Rosenauer <wr@rosenauer.org>
- Mozilla Thunderbird 60.3.2
  * Encoding problems when exporting address books or messages using
    the system charset. Messages are now always exported using the
    UTF-8 encoding
  * If the "Date" header of a message was invalid, Jan 1970 or Dec 1969
    was displayed. Now using date from "Received" header instead.
  * Body search/filtering didn't reliably ignore content of tags
  * Inappropriate warning "Thunderbird prevented the site
    (addons.thunderbird.net) from asking you to install software on
    your computer" when installing add-ons
  * Incorrect display of correspondents column since own email
    address was not always detected
  * Spurious 
 (encoded newline) inserted into drafts and sent email
-------------------------------------------------------------------
Thu Nov 15 16:33:49 UTC 2018 - astieger@suse.com
- Mozilla Thunderbird 60.3.1:
  * Double-clicking on a word in the Write window sometimes
    launched the Advanced Property Editor or Link Properties dialog
  * Fixe Cookie removal
  * "Download rest of message" was not working if global inbox was
     used
  * Fix Encoding problems for users (especially in Poland) when a
    file was sent via a folder using "Sent to > Mail recipient"
    due to a problem in the Thunderbird MAPI interface
  * According to RFC 4616 and RFC 5721, passwords containing
    non-ASCII characters are encoded using UTF-8 which can lead to
    problems with non-compliant providers, for example
    office365.com. The SMTP LOGIN and POP3 USER/PASS
    authentication methods are now using a Latin-1 encoding again
    to work around this issue
  * Fix shutdown crash/hang after entering an empty IMAP password
-------------------------------------------------------------------
Tue Oct 30 08:18:23 UTC 2018 - wr@rosenauer.org
- update to Thunderbird 60.3.0
  * various theme fixes
  * Shift+PageUp/PageDown in Write window
  * Gloda attachment filtering
  * Mailing list address auto-complete enter/return handling
  * Thunderbird hung if HTML signature references non-existent image
  * Filters not working for headers that appear more than once
- Security fixes for the Mozilla platform picked up from 60.3
  (Firefox ESR release). In general, these flaws cannot be exploited
  through email in Thunderbird because scripting is disabled when
  reading mail, but are potentially risks in browser or browser-like
  contexts (MFSA 2018-28) (bsc#1112852)
  * CVE-2018-12391 (bmo#1478843) (Android only)
    HTTP Live Stream audio data is accessible cross-origin
  * CVE-2018-12392 (bmo#1492823)
    Crash with nested event loops
  * CVE-2018-12393 (bmo#1495011)
    Integer overflow during Unicode conversion while loading JavaScript
  * CVE-2018-12389 (bmo#1498460, bmo#1499198)
    Memory safety bugs fixed in Firefox ESR 60.3
  * CVE-2018-12390 (bmo#1487098, bmo#1487660, bmo#1490234, bmo#1496159,
    bmo#1443748, bmo#1496340, bmo#1483905, bmo#1493347, bmo#1488803,
    bmo#1498701, bmo#1498482, bmo#1442010, bmo#1495245, bmo#1483699,
    bmo#1469486, bmo#1484905, bmo#1490561, bmo#1492524, bmo#1481844)
    Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3
-------------------------------------------------------------------
Thu Oct 25 14:40:14 UTC 2018 - guillaume.gardet@opensuse.org
- Update _constraints for armv6/7
-------------------------------------------------------------------
Thu Oct 25 08:26:12 UTC 2018 - guillaume.gardet@opensuse.org
- Add patch to fix build on armv7:
  * mozilla-bmo1463035.patch
-------------------------------------------------------------------
Thu Oct 25 08:25:52 UTC 2018 - guillaume.gardet@opensuse.org
- Add memory-constraints to avoid OOM errors
-------------------------------------------------------------------
Fri Oct 12 14:26:17 UTC 2018 - meissner@suse.com
- provide / obsolete MozillaThunderbird-devel as this is no longer
  shipped to allow migration scenarios
-------------------------------------------------------------------
Tue Oct  2 10:08:00 UTC 2018 - wr@rosenauer.org
- update to Thunderbird 60.2.1:
  * Calendar: Default values for the first day of the week and
    working days are now derived from the selected datetime
    formatting locale
  * Calendar: Switch to a Photon-style icon set for all platforms
  * Fix multiple requests for master password when Google Mail or
    Calendar OAuth2 is enabled
  * Fix scrollbar of the address entry auto-complete popup
  * Fix security info dialog in compose window not showing
    certificate status
  * Fix links in the Add-on Manager's search results and theme
    browsing tabs that opened in external browser
  * Fix localization not showing the localized name for the
    "Drafts" and "Sent" folders for certain IMAP providers
  * Fix replying to a message with an empty subject which
    inserted Re: twice
  * Fix spellcheck marks disappeaing erroneously for words with
    an apostrophe
  * Calendar: First day of the week can now be set
  * Calendar: Several fixes related to cutting/deleting of events
    and email schedulin
  * Fix date display issues (bsc#1109379)
  * Fix start-up crash due to folder name with special characters
    (bsc#1107772)
- Security fixes for the Mozilla platform picked up from 60.1 and
  60.2 (Firefox ESR releases). In general, these flaws
  cannot be exploited through email in Thunderbird because
  scripting is disabled when reading mail, but are potentially
  risks in browser or browser-like contexts (MFSA 2018-25):
  * CVE-2018-12377 (bsc#1107343, bmo#1470260)
    Use-after-free in refresh driver timers
  * CVE-2018-12378 (bsc#1107343, bmo#1459383)
    Use-after-free in IndexedDB
  * CVE-2017-16541 (bsc#1066489, bmo#1412081)
    Proxy bypass using automount and autofs
  * CVE-2018-12376 (bmo#69309,bmo#69914,bmo#50989,bmo#80092,
    bmo#80517,bmo#81093,bmo#78575,bmo#71953,bmo#73161,bmo#66991,
    bmo#68738,bmo#83120,bmo#67363,bmo#72925,bmo#66577,bmo#67889,
    bmo#80521,bsc#1107343)
    Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2
  * CVE-2018-12385 (bsc#1109363, bmo#1490585)
    Crash in TransportSecurityInfo due to cached data
  * CVE-2018-12383 (bsc#1107343, bmo#1475775)
    Setting a master password did not delete unencrypted
    previously stored passwords
-------------------------------------------------------------------
Tue Sep 11 09:59:08 UTC 2018 - Guillaume GARDET <guillaume.gardet@opensuse.org>
- Update file list since minidump-analyzer is only available when
  crashreporter is enabled
-------------------------------------------------------------------
Sat Aug 25 18:59:41 UTC 2018 - astieger@suse.com
- remove non-free untar licenced code from distributed tarball
-------------------------------------------------------------------
Wed Aug 15 09:09:03 UTC 2018 - bjorn.lie@gmail.com
- Add conditional for pkgconfig(gconf-2.0) BuildRequires, and pass
  conditional --disable-gconf to configure: no longer pull in
  obsolete gconf2 for Tumbleweed.
-------------------------------------------------------------------
Fri Aug  3 06:02:53 UTC 2018 - wr@rosenauer.org
- update to Thunderbird 60.0:
  https://www.thunderbird.net/en-US/thunderbird/60.0/releasenotes/
  * Improved message handling and composing
  * Improved handling of message templates
  * Support for OAuth2 and FIDO U2F
  * Various Calendar improvements
  * Various fixes and changes to e-mail workflow
  * Various IMAP fixes
  * Native desktop notifications
- Security fixes which can not, in general, be exploited through
  email, but are potential risks in browser or browser-like contexts:
  MFSA 2018-19 (bsc#1098998)
  * CVE-2018-12359 (bmo#1459162)
    Buffer overflow using computed size of canvas element
  * CVE-2018-12360 (bmo#1459693)
    Use-after-free when using focus()
  * CVE-2018-12361 (bmo#1463244)
    Integer overflow in SwizzleData
  * CVE-2018-12362 (bmo#1452375)
    Integer overflow in SSSE3 scaler
  * CVE-2018-5156 (bmo#1453127)
    Media recorder segmentation fault when track type is changed
    during capture
  * CVE-2018-12363 (bmo#1464784)
    Use-after-free when appending DOM nodes
  * CVE-2018-12364 (bmo#1436241)
    CSRF attacks through 307 redirects and NPAPI plugins
  * CVE-2018-12365 (bmo#1459206)
    Compromised IPC child process can list local filenames
  * CVE-2018-12371 (bmo#1465686)
    Integer overflow in Skia library during edge builder allocation
  * CVE-2018-12366 (bmo#1464039)
    Invalid data handling during QCMS transformations
  * CVE-2018-12367 (bmo#1462891)
    Timing attack mitigation of PerformanceNavigationTiming
  * CVE-2018-5187 (bmo#1461324,bmo#1414829,bmo#1395246,bmo#1467938,
    bmo#1461619,bmo#1425930,bmo#1438556,bmo#1454285,bmo#1459568,
    bmo#1463884)
    Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and 
    Thunderbird 60
  * CVE-2018-5188 (bmo#1456189,bmo#1456975,bmo#1465898,bmo#1392739,
    bmo#1451297,bmo#1464063,bmo#1437842,bmo#1442722,bmo#1452576,
    bmo#1450688,bmo#1458264,bmo#1458270,bmo#1465108,bmo#1464829,
    bmo#1464079,bmo#1463494,bmo#1458048)
    Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, Firefox
    ESR 52.9, and Thunderbird 60
- requires NSPR 4.19 and NSS 3.36.4
- source archives are now signed directly
  (removed checksum signature check)
- imported patches from Firefox 60
  * mozilla-bmo1375074.patch
  * mozilla-bmo1464766.patch
  * mozilla-i586-DecoderDoctorLogger.patch
  * mozilla-i586-domPrefs.patch
- removed obsolete patches
  * mozilla-language.patch
  * tb-ssldap.patch
  * mozilla-develdirs.patch
- removed -devel subpackage as old-style extensions are mainly gone
- storing of remote content settings fixed (boo#1084603)
-------------------------------------------------------------------
Tue Jul 10 06:29:59 UTC 2018 - wr@rosenauer.org
- update to Thunderbird 52.9.1
  * Deleting or detaching attachments corrupted messages under certain
    circumstances (bmo#1473893, bsc#1100780)
-------------------------------------------------------------------
Mon Jul  2 12:36:32 UTC 2018 - wr@rosenauer.org
- update to Thunderbird 52.9.0:
  MFSA 2018-16 (bsc#1098998)
  * CVE-2018-12359 (bmo#1459162)
    Buffer overflow using computed size of canvas element
  * CVE-2018-12360 (bmo#1459693)
    Use-after-free when using focus()
  * CVE-2018-12372 (bmo#1419417, bsc#1100082)
    S/MIME and PGP decryption oracles can be built with HTML emails
  * CVE-2018-12373 (bmo#1464667, bmo#1464056, bsc#1100079)
    S/MIME plaintext can be leaked through HTML reply/forward
  * CVE-2018-12362 (bmo#1452375)
    Integer overflow in SSSE3 scaler
  * CVE-2018-12363 (bmo#1464784)
    Use-after-free when appending DOM nodes
  * CVE-2018-12364 (bmo#1436241)
    CSRF attacks through 307 redirects and NPAPI plugins
  * CVE-2018-12365 (bmo#1459206)
    Compromised IPC child process can list local filenames
  * CVE-2018-12366 (bmo#1464039)
    Invalid data handling during QCMS transformations
  * CVE-2018-12374 (bmo#1462910, bsc#1100081)
    Using form to exfiltrate encrypted mail part by pressing enter in form field
  * CVE-2018-5188 (bmo#1456189,bmo#1456975,bmo#1465898,bmo#1392739,
    bmo#1451297,bmo#1464063,bmo#1437842,bmo#1442722,bmo#1452576,
    bmo#1450688,bmo#1458264,bmo#1458270,bmo#1465108,bmo#1464829,
    bmo#1464079,bmo#1463494,bmo#1458048)
    Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR 52.9
  * Thunderbird will now prompt to compact IMAP folders even if the
    account is online
  * Option for not decrypting subordinate message parts that
    otherwise might reveal decryted content to the attacker.
    Preference mailnews.p7m_subparts_external needs to be set to
    true for added security.
  * Fix various problems when forwarding messages inline when using
    "simple" HTML view
- correct requires and provides handling (boo#1076907)
- reduce memory footprint with %ix86 at linking time via additional
  compiler flags (boo#1091376)
-------------------------------------------------------------------
Sun Jul  1 12:23:45 UTC 2018 - astieger@suse.com
- Build from upstream source archive and verify source signature
  (boo#1085780)
-------------------------------------------------------------------
Sat May 19 06:16:58 UTC 2018 - wr@rosenauer.org
- update to Thunderbird 52.8 (bsc#1092548)
  MFSA 2018-13
  * CVE-2018-5183 (bmo#1454692)
    Backport critical security fixes in Skia
  * CVE-2018-5184 (bmo#1411592, bsc#1093152)
    Full plaintext recovery in S/MIME via chosen-ciphertext attack
  * CVE-2018-5154 (bmo#1443092)
    Use-after-free with SVG animations and clip paths
  * CVE-2018-5155 (bmo#1448774)
    Use-after-free with SVG animations and text paths
  * CVE-2018-5159 (bmo#1441941)
    Integer overflow and out-of-bounds write in Skia
  * CVE-2018-5161 (bmo#1411720)
    Hang via malformed headers
  * CVE-2018-5162 (bmo#1457721, bsc#1093152)
    Encrypted mail leaks plaintext through src attribute
  * CVE-2018-5170 (bmo#1411732)
    Filename spoofing for external attachments
  * CVE-2018-5168 (bmo#1449548)
    Lightweight themes can be installed without user interaction
  * CVE-2018-5174 (bmo#1447080) (Windows only)
    Windows Defender SmartScreen UI runs with less secure behavior
    for downloaded files in Windows 10 April 2018 Update
  * CVE-2018-5178 (bmo#1443891)
    Buffer overflow during UTF-8 to Unicode string conversion
    through legacy extension
  * CVE-2018-5185 (bmo#1450345)
    Leaking plaintext through HTML forms
  * CVE-2018-5150 (bmo#1388020,bmo#1433609,bmo#1409440,bmo#1448705,
    bmo#1451376,bmo#1452202,bmo#1444668,bmo#1393367,bmo#1411415,
    bmo#1426129)
    Memory safety bugs fixed in Firefox 60, Firefox ESR 52.8 and
    Thunderbird 52.8
-------------------------------------------------------------------
Wed Mar 28 01:31:17 CEST 2018 - ro@suse.de
- Exclude bigendian archs for now, have not built
  since version 45.8.0
  ExcludeArch: ppc ppc64 s390 s390x
-------------------------------------------------------------------
Fri Mar 23 09:39:40 UTC 2018 - wr@rosenauer.org
- update to Thunderbird 52.7
  * Searching message bodies of messages in local folders, including
    filter and quick filter operations, did not find content in
    message attachments
  * Better error handling for Yahoo accounts
- The following security fixes are included as part of the mozilla
  platform. In general, these flaws cannot be exploited through
  email in the Thunderbird product because scripting is disabled
  when reading mail, but are potentially risks in browser or
  browser-like contexts (MFSA 2018-09, bsc#1085130, bsc#1085671):
  * CVE-2018-5127 (bmo#1430557)
    Buffer overflow manipulating SVG animatedPathSegList
  * CVE-2018-5129 (bmo#1428947)
    Out-of-bounds write with malformed IPC messages
  * CVE-2018-5144 (bmo#1440926)
    Integer overflow during Unicode conversion
  * CVE-2018-5146 (bmo#1446062)
    Out of bounds memory write in libvorbis
  * CVE-2018-5125 (bmo1416529,bmo#1434580,bmo#1434384,bmo#1437450,
    bmo#1437507,bmo#1426988,bmo#1438425,bmo#1324042,bmo#1437087,
    bmo#1443865,bmo#1425520)
    Memory safety bugs fixed in Firefox 59, Firefox ESR 52.7, and
    Thunderbird 52.7
  * CVE-2018-5145 (bmo#1261175,bmo#1348955)
    Memory safety bugs fixed in Firefox ESR 52.7 and Thunderbird
    52.7
-------------------------------------------------------------------
Wed Jan 24 11:40:38 UTC 2018 - wr@rosenauer.org
- update to Thunderbird 52.6 (bsc#1077291)
  * Searching message bodies of messages in local folders, including
    filter and quick filter operations, not working reliably: Content
    not found in base64-encode message parts, non-ASCII text not found
    and false positives found.
  * Defective messages (without at least one expected header) not shown
    in IMAP folders but shown on mobile devices
  * Calendar: Unintended task deletion if numlock is enabled
  * Mozilla platform security fixes
  MFSA 2018-04
  * CVE-2018-5095 (bmo#1418447)
    Integer overflow in Skia library during edge builder allocation
  * CVE-2018-5096 (bmo#1418922)
    Use-after-free while editing form elements
  * CVE-2018-5097 (bmo#1387427)
    Use-after-free when source document is manipulated during XSLT
  * CVE-2018-5098 (bmo#1399400)
    Use-after-free while manipulating form input elements
  * CVE-2018-5099 (bmo#1416878)
    Use-after-free with widget listener
  * CVE-2018-5102 (bmo#1419363)
    Use-after-free in HTML media elements
  * CVE-2018-5103 (bmo#1423159)
    Use-after-free during mouse event handling
  * CVE-2018-5104 (bmo#1425000)
    Use-after-free during font face manipulation
  * CVE-2018-5117 (bmo#1395508)
    URL spoofing with right-to-left text aligned left-to-right
  * CVE-2018-5089
    Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6
- dropped obsolete mozilla-ucontext.patch
-------------------------------------------------------------------
Sat Dec 23 18:36:42 UTC 2017 - wr@rosenauer.org
- update to Thunderbird 52.5.2
  * This releases fixes the "Mailsploit" vulnerability and other
    vulnerabilities detected by the "Cure53" audit
  MFSA 2017-30
  * CVE-2017-7845 (bmo#1402372)
    Buffer overflow when drawing and validating elements with ANGLE
    library using Direct 3D 9
  * CVE-2017-7846 (bmo#1411716, bsc#1074043)
    JavaScript Execution via RSS in mailbox:// origin
  * CVE-2017-7847 (bmo#1411708, bsc#1074044)
    Local path string can be leaked from RSS feed
  * CVE-2017-7848 (bmo#1411699, bsc#1074045)
    RSS Feed vulnerable to new line Injection
  * CVE-2017-7829 (bmo#1423432, bsc#1074046)
    Mailsploit part 1: From address with encoded null character is
    cut off in message header display
-------------------------------------------------------------------
Fri Dec  8 15:53:30 UTC 2017 - dimstar@opensuse.org
- Explicitly buildrequires python2-xml: The build system relies on
  it. We wrongly relied on other packages pulling it in for us.
-------------------------------------------------------------------
Thu Dec  7 11:13:41 UTC 2017 - dimstar@opensuse.org
- Escape the usage of %{VERSION} when calling out to rpm.
  RPM 4.14 has %{VERSION} defined as 'the main packages version'.
-------------------------------------------------------------------
Wed Nov 22 10:02:35 UTC 2017 - wr@rosenauer.org
- update to Thunderbird 52.5.0 (bsc#1068101)
  * Better support for Charter/Spectrum IMAP: Thunderbird will now
    detect Charter's IMAP service and send an additional IMAP select
    command to the server. Check the various preferences ending in
    "force_select" to see whether auto-detection has discovered this case.
  * In search folders spanning multiple base folders clicking on a
    message sometimes marked another message as read
  * IMAP alerts have been corrected and now show the correct server
    name in case of connection problems
  * POP alerts have been corrected and now indicate connection problems
    in case the configured POP server cannot be found
  MFSA 2017-26
  * CVE-2017-7828 (bmo#1406750. bmo#1412252)
    Use-after-free of PressShell while restyling layout
  * CVE-2017-7830 (bmo#1408990)
    Cross-origin URL information leak through Resource Timing API
  * CVE-2017-7826
    Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5
-------------------------------------------------------------------
Fri Nov 10 22:12:18 UTC 2017 - zaitor@opensuse.org
- Drop obsolete libgnomeui-devel BuildRequires: No longer needed.
- Add explicit pkgconfig(gconf-2.0), pkgconfig(gobject-2.0),
  pkgconfig(gtk+-2.0), pkgconfig(gtk+-unix-print-2.0),
  pkgconfig(glib-2.0), pkgconfig(gobject-2.0) and
  pkgconfig(gdk-x11-2.0) BuildRequires: Previously pulled in by
  libgnomeui-devel, and is what configure really checks for.
-------------------------------------------------------------------
Wed Oct  4 09:18:39 UTC 2017 - astieger@suse.com
- Mozilla Thunderbird 52.4.0 (bsc#1060445)
  * new behavior was introduced for replies to mailing list posts:
    "When replying to a mailing list, reply will be sent to address
    in From header ignoring Reply-to header". A new preference
    mail.override_list_reply_to allows to restore the previous behavior.
  * Under certain circumstances (image attachment and non-image
    attachment), attached images were shown truncated in messages
    stored in IMAP folders not synchronised for offline use.
  * IMAP UIDs > 0x7FFFFFFF now handled properly
  Security fixes from Gecko 52.4esr
  * CVE-2017-7793 (bmo#1371889)
    Use-after-free with Fetch API
  * CVE-2017-7818 (bmo#1363723)
    Use-after-free during ARIA array manipulation
  * CVE-2017-7819 (bmo#1380292)
    Use-after-free while resizing images in design mode
  * CVE-2017-7824 (bmo#1398381)
    Buffer overflow when drawing and validating elements with ANGLE
  * CVE-2017-7805 (bmo#1377618) (fixed via NSS requirement)
    Use-after-free in TLS 1.2 generating handshake hashes
  * CVE-2017-7814 (bmo#1376036)
    Blob and data URLs bypass phishing and malware protection warnings
  * CVE-2017-7825 (bmo#1393624, bmo#1390980) (OSX-only)
    OS X fonts render some Tibetan and Arabic unicode characters as spaces
  * CVE-2017-7823 (bmo#1396320)
    CSP sandbox directive did not create a unique origin
  * CVE-2017-7810
    Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4
-------------------------------------------------------------------
Thu Sep 28 07:56:22 UTC 2017 - dimstar@opensuse.org
- Add alsa-devel BuildRequires: we care for ALSA support to be
  built and thus need to ensure we get the dependencies in place.
  In the past, alsa-devel was pulled in by accident: we
  buildrequire libgnome-devel. This required esound-devel and that
  in turn pulled in alsa-devel for us. libgnome is being fixed to
  no longer require esound-devel.
-------------------------------------------------------------------
Tue Aug 15 12:48:43 UTC 2017 - wr@rosenauer.org
- update to Thunderbird 52.3 (boo#1052829)
  Fixed issues:
  * Unwanted inline images shown in rogue SPAM messages
  * Deleting message from the POP3 server not working when maildir
    storage was used
  * Message disposition flag (replied / forwarded) lost when reply or
    forwarded message was stored as draft and draft was sent later
  * Inline images not scaled to fit when printing
  * Selected text from another message sometimes included in a reply
  * No authorisation prompt displayed when inserting image into email
    body although image URL requires authentication
  * Large attachments taking a long time to open under some circumstances
  security
  Security fixes from Gecko 52.3esr
  * CVE-2017-7798 (bmo#1371586, bmo#1372112)
    XUL injection in the style editor in devtools
  * CVE-2017-7800 (bmo#1374047)
    Use-after-free in WebSockets during disconnection
  * CVE-2017-7801 (bmo#1371259)
    Use-after-free with marquee during window resizing
  * CVE-2017-7784 (bmo#1376087)
    Use-after-free with image observers
  * CVE-2017-7802 (bmo#1378147)
    Use-after-free resizing image elements
  * CVE-2017-7785 (bmo#1356985)
    Buffer overflow manipulating ARIA attributes in DOM
  * CVE-2017-7786 (bmo#1365189)
    Buffer overflow while painting non-displayable SVG
  * CVE-2017-7753 (bmo#1353312)
    Out-of-bounds read with cached style data and pseudo-elements#
  * CVE-2017-7787 (bmo#1322896)
    Same-origin policy bypass with iframes through page reloads
  * CVE-2017-7807 (bmo#1376459)
    Domain hijacking through AppCache fallback
  * CVE-2017-7792 (bmo#1368652)
    Buffer overflow viewing certificates with an extremely long OID
  * CVE-2017-7804 (bmo#1372849)
    Memory protection bypass through WindowsDllDetourPatcher
  * CVE-2017-7791 (bmo#1365875)
    Spoofing following page navigation with data: protocol and modal alerts
  * CVE-2017-7782 (bmo#1344034)
    WindowsDllDetourPatcher allocates memory without DEP protections
  * CVE-2017-7803 (bmo#1377426)
    CSP containing 'sandbox' improperly applied
  * CVE-2017-7779
    Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3
-------------------------------------------------------------------
Wed Aug  9 09:47:39 UTC 2017 - schwab@suse.de
- mozilla-ucontext.patch: use ucontext_t instead of struct ucontext
-------------------------------------------------------------------
Wed Jun 28 13:57:13 UTC 2017 - guillaume@opensuse.org
- mozilla-disable-neon-option.patch has been dropped silently, so
  remove the --disable-neon option as it is not available anymore.
-------------------------------------------------------------------
Sun Jun 25 06:55:13 UTC 2017 - wr@rosenauer.org
- update to Thunderbird 52.2.1
  * Problems with Gmail fixed (folders not showing, repeated email
    download, etc.) introduced in version 52.2.0. (boo#1045895)
-------------------------------------------------------------------
Wed Jun 14 11:34:58 UTC 2017 - wr@rosenauer.org
- update to Thunderbird 52.2 (boo#1043960)
  * Embedded images not shown in email received from Hotmail/Outlook
    webmailer
  * Detection of non-ASCII font names in font selector
  * Attachment not forwarded correctly under certain circumstances
  * Multiple requests for master password when GMail OAuth2 is enabled
  * Large number of blank pages being printed under certain
    circumstances when invalid preferences were present
  * Messages sent via the Simple MAPI interface are forced to HTML
  * Calendar: Invitations can't be printed
  * Mailing list (group) not accessible from macOS or Outlook address book
  * Clicking on links with references/anchors where target doesn't
    exist in the message not opening in external browser
  MFSA 2017-17
  * CVE-2017-5472 (bmo#1365602)
    Use-after-free using destroyed node when regenerating trees
  * CVE-2017-7749 (bmo#1355039)
    Use-after-free during docshell reloading
  * CVE-2017-7750 (bmo#1356558)
    Use-after-free with track elements
  * CVE-2017-7751 (bmo#1363396)
    Use-after-free with content viewer listeners
  * CVE-2017-7752 (bmo#1359547)
    Use-after-free with IME input
  * CVE-2017-7754 (bmo#1357090)
    Out-of-bounds read in WebGL with ImageInfo object
  * CVE-2017-7756 (bmo#1366595)
    Use-after-free and use-after-scope logging XHR header errors
  * CVE-2017-7757 (bmo#1356824)
    Use-after-free in IndexedDB
  * CVE-2017-7778, CVE-2017-7778, CVE-2017-7771, CVE-2017-7772,
    CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776,
    CVE-2017-7777
    Vulnerabilities in the Graphite 2 library
  * CVE-2017-7758 (bmo#1368490)
    Out-of-bounds read in Opus encoder
  * CVE-2017-7763 (bmo#1360309)
    Mac fonts render some unicode characters as spaces (MacOS only)
  * CVE-2017-7764 (bmo#1364283)
    Domain spoofing with combination of Canadian Syllabics and other
    unicode blocks
  * CVE-2017-7765 (bmo#1273265)
    Mark of the Web bypass when saving executable files (Windows only)
  * CVE-2017-5470
    Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2
- requires NSS 3.28.5
-------------------------------------------------------------------
Sun Jun  4 07:31:01 UTC 2017 - wr@rosenauer.org
- remove legacy -Os optimization breaking gcc7/i586 (boo#1042090)
-------------------------------------------------------------------
Thu Jun  1 06:09:23 UTC 2017 - wr@rosenauer.org
- explicitely optimize with -O2 for openSUSE > 13.2/Leap 42 to work
  with gcc7 (boo#1040105, boo#1042090)
-------------------------------------------------------------------
Thu May 11 21:16:41 UTC 2017 - wr@rosenauer.org
- update to Thunderbird 52.1.1
  * fixed crash when compacting IMAP folder (boo#1038753)
  * Some attachments could not be opened or saved if the message
    body is empty
  * Unable to load full message via POP if message was downloaded
    partially (or only headers) before
  * Large attachments may not be shown or saved correctly if the
    message is stored in an IMAP folder which is not synchronized
    for offline use
-------------------------------------------------------------------
Mon May  1 08:52:52 UTC 2017 - wr@rosenauer.org
- update to Thunderbird 52.1.0
  * Background images not working and other issues related to
    embedded images when composing email have been fixed
  * Google Oauth setup can sometimes not progress to the next step
  * requires NSS >= 3.28.4
- security fixes (boo#1035082), MFSA 2017-13
  * CVE-2017-5443 (bmo#1342661)
    Out-of-bounds write during BinHex decoding
  * CVE-2017-5429 (bmo#1341096, bmo#1342823, bmo#1343261, bmo#1348894,
     bmo#1348941, bmo#1349340, bmo#1350844, bmo#1352926, bmo#1353088)
    Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and
    Firefox ESR 52.1
  * CVE-2017-5464 (bmo#1347075)
    Memory corruption with accessibility and DOM manipulation
  * CVE-2017-5465 (bmo#1347617)
    Out-of-bounds read in ConvolvePixel
  * CVE-2017-5466 (bmo#1353975)
    Origin confusion when reloading isolated data:text/html URL
  * CVE-2017-5467 (bmo#1347262)
    Memory corruption when drawing Skia content
  * CVE-2017-5460 (bmo#1343642)
    Use-after-free in frame selection
  * CVE-2017-5461 (bmo#1344380)
    Out-of-bounds write in Base64 encoding in NSS
  * CVE-2017-5449 (bmo#1340127)
    Crash during bidirectional unicode manipulation with animation
  * CVE-2017-5446 (bmo#1343505)
    Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data
  * CVE-2017-5447 (bmo#1343552)
    Out-of-bounds read during glyph processing
  * CVE-2017-5444 (bmo#1344461)
    Buffer overflow while parsing application/http-index-format content
  * CVE-2017-5445 (bmo#1344467)
    Uninitialized values used while parsing application/http-index-format
    content
  * CVE-2017-5442 (bmo#1347979)
    Use-after-free during style changes
  * CVE-2017-5469 (bmo#1292534)
    Potential Buffer overflow in flex-generated code
  * CVE-2017-5440 (bmo#1336832)
    Use-after-free in txExecutionState destructor during XSLT processing
  * CVE-2017-5441 (bmo#1343795)
    Use-after-free with selection during scroll events
  * CVE-2017-5439 (bmo#1336830)
    Use-after-free in nsTArray Length() during XSLT processing
  * CVE-2017-5438 (bmo#1336828)
    Use-after-free in nsAutoPtr during XSLT processing
  * CVE-2017-5437 (bmo#1343453)
    Vulnerabilities in Libevent library
  * CVE-2017-5436 (bmo#1345461)
    Out-of-bounds write with malicious font in Graphite 2
  * CVE-2017-5435 (bmo#1350683)
    Use-after-free during transaction processing in the editor
  * CVE-2017-5434 (bmo#1349946)
    Use-after-free during focus handling
  * CVE-2017-5433 (bmo#1347168)
    Use-after-free in SMIL animation functions
  * CVE-2017-5432 (bmo#1346654)
    Use-after-free in text input selection
  * CVE-2017-5430 (bmo#1329796, bmo#1337418, bmo#1339722, bmo#1340482,
     bmo#1342101, bmo#1344081, bmo#1344305, bmo#1344686, bmo#1346140,
     bmo#1346419, bmo#1348143, bmo#1349621, bmo#1349719, bmo#1353476)
    Memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1
  * CVE-2017-5459 (bmo#1333858)
    Buffer overflow in WebGL
  * CVE-2017-5462 (bmo#1345089)
    DRBG flaw in NSS
  * CVE-2017-5454 (bmo#1349276)
    Sandbox escape allowing file system read access through file
    picker
  * CVE-2017-5451 (bmo#1273537)
    Addressbar spoofing with onblur event
-------------------------------------------------------------------
Mon Apr 17 12:43:48 UTC 2017 - wr@rosenauer.org
- update to Thunderbird 52.0.1
  * Clicking on a link in an email may not open this link in the
    external browser
  * addon blocklist updates
- enable ALSA for systems w/o PA
- require libffi explicitely to fix PPC64LE build where a system
  library is required
-------------------------------------------------------------------
Sat Mar 18 21:06:01 UTC 2017 - wr@rosenauer.org
- update to Thunderbird 52.0
  * Optionally remove corresponding data files when removing an account
  * Possibility to copy message filter
  * Calendar: Event can now be created and edited in a tab
  * Calendar: Processing of received invitation counter proposals
  * Chat: Support Twitter Direct Messages
  * Chat: Liking and favoriting in Twitter
  * Chat: Removed Yahoo! Messenger support
  * serveral bugfixes
- security fixes (bsc#1028391, MFSA 2017-09):
  In general, these flaws cannot be exploited through email because
  scripting is disabled when reading mail, but are potentially
  risks in browser or browser-like contexts.
  * CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP (bmo#1334933)
  * CVE-2017-5401: Memory Corruption when handling ErrorResult (bmo#1328861)
  * CVE-2017-5402: Use-after-free working with events in FontFace objects (bmo#1334876)
  * CVE-2017-5403: Use-after-free using addRange to add range to an incorrect root object (bmo#1340186)
  * CVE-2017-5404: Use-after-free working with ranges in selections (bmo#1340138)
  * CVE-2017-5406: Segmentation fault in Skia with canvas operations (bmo#1306890)
  * CVE-2017-5407: Pixel and history stealing via floating-point timing side channel with SVG filters (bmo#1336622)
  * CVE-2017-5410: Memory corruption during JavaScript garbage collection incremental sweeping (bmo#1330687)
  * CVE-2017-5408: Cross-origin reading of video captions in violation of CORS (bmo#1313711)
  * CVE-2017-5412: Buffer overflow read in SVG filters (bmo#1328323)
  * CVE-2017-5413: Segmentation fault during bidirectional operations (bmo#1337504)
  * CVE-2017-5414: File picker can choose incorrect default directory (bmo#1319370)
  * CVE-2017-5416: Null dereference crash in HttpChannel (bmo#1328121)
  * CVE-2017-5426: Gecko Media Plugin sandbox is not started if seccomp-bpf filter is running (bmo#1257361)
  * CVE-2017-5418: Out of bounds read when parsing HTTP digest authorization responses (bmo#1338876)
  * CVE-2017-5419: Repeated authentication prompts lead to DOS attack (bmo#1312243)
  * CVE-2017-5405: FTP response codes can cause use of uninitialized values for ports (bmo#1336699)
  * CVE-2017-5421: Print preview spoofing (bmo#1301876)
  * CVE-2017-5422: DOS attack by using view-source: protocol repeatedly in one hyperlink (bmo#1295002)
  * CVE-2017-5399: Memory safety bugs fixed in Thunderbird 52
  * CVE-2017-5398: Memory safety bugs fixed in Thunderbird 52 and Thunderbird 45.8
- removed obsolete patches
  * mozilla-aarch64-48bit-va.patch
  * mozilla-binutils-visibility.patch
  * mozilla-flex_buffer_overrun.patch
  * mozilla-gcc6.patch
- added generic mozilla patches
  * mozilla-aarch64-startup-crash.patch
- require newer versions of NSPR and NSS
- use Gtk3 for Tumbleweed
-------------------------------------------------------------------
Tue Mar  7 15:08:23 UTC 2017 - wr@rosenauer.org
- update to Thunderbird 45.8.0 (boo#1028391)
  * MFSA 2017-07
    CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP
                   (bmo#1334933)
    CVE-2017-5401: Memory Corruption when handling ErrorResult
                   (bmo#1328861)
    CVE-2017-5402: Use-after-free working with events in FontFace
                   objects (bmo#1334876)
    CVE-2017-5404: Use-after-free working with ranges in selections
                   (bmo#1340138)
    CVE-2017-5407: Pixel and history stealing via floating-point
                   timing side channel with SVG filters (bmo#1336622)
    CVE-2017-5410: Memory corruption during JavaScript garbage
                   collection incremental sweeping (bmo#1330687)
    CVE-2017-5408: Cross-origin reading of video captions in violation
                   of CORS (bmo#1313711)
    CVE-2017-5405: FTP response codes can cause use of
                   uninitialized values for ports (bmo#1336699)
    CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and
                   Firefox ESR 45.8
-------------------------------------------------------------------
Thu Feb  9 07:49:54 UTC 2017 - wr@rosenauer.org
- update to Thunderbird 45.7.1
  * fixed Crash when viewing certain IMAP messages (introduced in 45.7.0)
-------------------------------------------------------------------
Tue Jan 24 20:43:57 UTC 2017 - wr@rosenauer.org
- update to Thunderbird 45.7.0
  * Message preview pane non-functional after IMAP folder was renamed
    or moved
  * "Move To" button on "Search Messages" panel not working
  * Message sent to "undisclosed recipients" shows no recipient
    (non-functional since Thunderbird version 38)
  * Security updates from MFSA 2017-03 (Gecko 45.7.0) boo#1021991.
    In general, these flaws cannot be exploited through email in
    Thunderbird because scripting is disabled when reading mail,
    but are potentially risks in browser or browser-like contexts:
    CVE-2017-5375: Excessive JIT code allocation allows bypass of
                   ASLR and DEP (bmo#1325200, boo#1021814)
    CVE-2017-5376: Use-after-free in XSL (bmo#1311687, boo#1021817)
    CVE-2017-5378: Pointer and frame data leakage of Javascript objects
                   (bmo#1312001, bmo#1330769, boo#1021818)
    CVE-2017-5380: Potential use-after-free during DOM manipulations
                   (bmo#1322107, boo#1021819)
    CVE-2017-5390: Insecure communication methods in Developer Tools
                   JSON viewer (bmo#1297361, boo#1021820)
    CVE-2017-5396: Use-after-free with Media Decoder
                   (bmo#1329403, boo#1021821)
    CVE-2017-5383: Location bar spoofing with unicode characters
                   (bmo#1323338, bmo#1324716, boo#1021822)
    CVE-2017-5373: Memory safety bugs fixed in Thunderbird 45.7
                   (boo#1021824)
-------------------------------------------------------------------
Thu Dec 29 08:33:21 UTC 2016 - wr@rosenauer.org
- update to Thunderbird 45.6.0 (boo#1015422)
  * The system integration dialog was shown every time when starting
    Thunderbird
  * MFSA 2016-96
    CVE-2016-9899: Use-after-free while manipulating DOM events and
                   audio elements (bmo#1317409)
    CVE-2016-9895: CSP bypass using marquee tag (bmo#1312272)
    CVE-2016-9897: Memory corruption in libGLES (bmo#1301381)
    CVE-2016-9898: Use-after-free in Editor while manipulating DOM
                   subtrees (bmo#1314442)
    CVE-2016-9900: Restricted external resources can be loaded by
                   SVG images through data URLs (bmo#1319122)
    CVE-2016-9904: Cross-origin information leak in shared atoms
                   (bmo#1317936)
    CVE-2016-9905: Crash in EnumerateSubDocuments (bmo#1293985)
    CVE-2016-9893: Memory safety bugs fixed in Thunderbird 45.6
-------------------------------------------------------------------
Thu Dec  1 09:58:57 UTC 2016 - astieger@suse.com
- Mozilla Thunderbird 45.5.1:
  * CVE-2016-9079: SVG Animation Remote Code Execution
                   (MFSA 2016-92, bsc#1012964, bmo#1321066)
-------------------------------------------------------------------
Sat Nov 19 14:20:05 UTC 2016 - astieger@suse.com
- Mozilla Thunderbird 45.5.0 (boo#1009026)
  * Fixes for security flaws that cannot be exploited through email
    because scripting is disabled when reading mail, but are
    potentially risks in browser or browser-like contexts:
    CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1
                   (bsc#1010411)
    CVE-2016-5297: Incorrect argument length checking in Javascript
                   (bsc#1010401)
    CVE-2016-9066: Integer overflow leading to a buffer overflow in
                   nsScriptLoadHandler (bsc#1010404)
    CVE-2016-5291: Same-origin policy violation using local HTML file
                   and saved shortcut file (bsc#1010410)
    CVE-2016-5290: Memory safety bugs fixed in Thunderbird ESR 45.5
                   (bsc#1010427)
- Changed behavior:
  * Changed recipient address entry: Arrow-keys now copy the pop-up
    value to the input field. Mouse-hovered pop-up value can no
    longer be confirmed with tab or enter key. This restores the
    behavior of Thunderbird 24.
  * Support changes to character limit in Twitter
- Bugs fixed:
  * Reply with selected text containing quote resulted in wrong
    quoting level indication
  * Email invitation might not be displayed when description
    contains non-ASCII characters
  * Attempting to sort messages on the Date field whilst a quick
    filter is applied got stuck on sort descending
  * Mail address display at header pane displayed incorrectly if
    the address contains UTF-8 according to RFC 6532
-------------------------------------------------------------------
Sat Oct  1 07:12:08 UTC 2016 - wr@rosenauer.org
- update to Thunderbird 45.4.0 (boo#999701)
  * Display name was truncated if no separating space before email
    address.
  * Recipient addresses were shown in wrong color in some circumstances.
  * Additional spaces were inserted when drafts were edited.
  * Mail saved as template copied In-Reply-To and References from
    original email.
  * Threading broken when editing message draft, due to loss of Message-ID
  * "Apply columns to..." did not honor special folders
-------------------------------------------------------------------
Tue Aug 30 06:55:14 UTC 2016 - wr@rosenauer.org
- update to Thunderbird 45.3.0 (boo#991809)
  * Disposition-Notification-To could not be used in
    mail.compose.other.header
  * "edit as new message" on a received message pre-filled the sender
    as the composing identity.
  * Certain messages caused corruption of the drafts summary database.
  security fixes:
  * MFSA 2016-62/CVE-2016-2836
    Miscellaneous memory safety hazards
  * MFSA 2016-63/CVE-2016-2830 (bmo#1255270)
    Favicon network connection can persist when page is closed
  * MFSA 2016-64/CVE-2016-2838 (bmo#1279814)
    Buffer overflow rendering SVG with bidirectional content
  * MFSA 2016-65/CVE-2016-2839 (bmo#1275339)
    Cairo rendering crash due to memory allocation issue with FFmpeg 0.10
  * MFSA 2016-67/CVE-2016-5252 (bmo#1268854)
    Stack underflow during 2D graphics rendering
  * MFSA 2016-70/CVE-2016-5254 (bmo#1266963)
    Use-after-free when using alt key and toplevel menus
  * MFSA 2016-72/CVE-2016-5258 (bmo#1279146)
    Use-after-free in DTLS during WebRTC session shutdown
  * MFSA 2016-73/CVE-2016-5259 (bmo#1282992)
    Use-after-free in service workers with nested sync events
  * MFSA 2016-76/CVE-2016-5262 (bmo#1277475)
    Scripts on marquee tag can execute in sandboxed iframes
  * MFSA 2016-77/CVE-2016-2837 (bmo#1274637)
    Buffer overflow in ClearKey Content Decryption Module (CDM)
    during video playback
  * MFSA 2016-78/CVE-2016-5263 (bmo#1276897)
    Type confusion in display transformation
  * MFSA 2016-79/CVE-2016-5264 (bmo#1286183)
    Use-after-free when applying SVG effects
  * MFSA 2016-80/CVE-2016-5265 (bmo#1278013)
    Same-origin policy violation using local HTML file and saved shortcut file
-------------------------------------------------------------------
Fri Aug  5 13:47:12 UTC 2016 - pcerny@suse.com
- Fix for possible buffer overrun (bsc#990856)
  CVE-2016-6354 (bmo#1292534)
  [mozilla-flex_buffer_overrun.patch]
-------------------------------------------------------------------
Thu Jul 21 11:50:27 UTC 2016 - mailaender@opensuse.org
- add a screenshot to appdata.xml
-------------------------------------------------------------------
Thu Jun 30 09:18:14 UTC 2016 - wr@rosenauer.org
- update to Thunderbird 45.2 (boo#983549)
  Security fixes:
  * CVE-2016-2818, CVE-2016-2815: Memory safety bugs (MFSA2016-49)
- drop mozilla-flexible-array-member-in-union.patch, upstream
-------------------------------------------------------------------
Fri Jun 24 14:10:58 UTC 2016 - wr@rosenauer.org
- mozilla-binutils-visibility.patch to fix build issues with
  gcc/binutils combination used in Leap 42.2 (boo#984637)
-------------------------------------------------------------------
Thu Jun 23 10:15:51 UTC 2016 - wr@rosenauer.org
- build with -fno-delete-null-pointer-checks for Tumbleweed/gcc6
  as long as underlying issues have been addressed upstream
  (boo#986162)
-------------------------------------------------------------------
Mon Jun 13 20:28:01 UTC 2016 - agraf@suse.com
- Fix running on 48bit va aarch64 (bsc#984126)
  - Add patch mozilla-aarch64-48bit-va.patch
-------------------------------------------------------------------
Fri May 27 12:51:23 UTC 2016 - wr@rosenauer.org
- update to Thunderbird 45.1.1
  * When entering members into a mailing list, the enter key
    dismissed the panel instead of just moving onto the next line
  * Email without HTML elements was sent as HTML, despite
    "Delivery Format: Auto-detect" option
  * Options applied to a template were lost when the template was used
  * Contacts could not be deleted when they were found through a search
  * Views from global searches did not respect
    "mail.threadpane.use_correspondents"
-------------------------------------------------------------------
Wed May 25 18:20:24 UTC 2016 - badshah400@gmail.com
- The conditional testing for gcc was failing for different
  openSUSE versions, drop it and apply patches unconditionally.
-------------------------------------------------------------------
Tue May 24 18:28:31 UTC 2016 - badshah400@gmail.com
- Add patches to fix building with gcc >= 6:
  + mozilla-gcc6.patch: patch taken from fedora's git and is
    essentially identical to upstream firefox patch:
    https://hg.mozilla.org/mozilla-central/rev/55212130f19d.
  + mozilla-flexible-array-member-in-union.patch: patch taken
    from upstream bmo#1272649.
-------------------------------------------------------------------
Thu May 12 15:21:45 UTC 2016 - dimstar@opensuse.org
- Copy the icons to /usr/share/icons instead of symlinking them:
  in preparation for containerized apps (e.g. xdg-app) as well as
  AppStream metadata extraction, there are a couple locations that
  need to be real files for system integration (.desktop files,
  icons, mime-type info).
-------------------------------------------------------------------
Sat May  7 22:19:09 UTC 2016 - wr@rosenauer.org
- update to Thunderbird 45.1.0 (boo#977333)
  * MFSA 2016-39/CVE-2016-2806/CVE-2016-2807 (boo#977375, boo#977376)
    Miscellaneous memory safety hazards
-------------------------------------------------------------------
Wed Apr 27 04:26:56 UTC 2016 - badshah400@gmail.com
- For openSUSE > 13.2, the build fails for i586 as it goes out of
  memory. Prevent this from happening by disabing parallel build
  in this particular case (i.e. do not pass
  mk_add_options MOZ_MAKE_FLAGS%{?jobs:-j%jobs}).
-------------------------------------------------------------------
Sat Apr 16 08:11:14 UTC 2016 - wr@rosenauer.org
- update to Thunderbird 45.0 (boo#969894)
  * Add a Correspondents column combining Sender and Recipient
  * Much better support for XMPP chatrooms and commands
  * Remote content exceptions: Improved options to add exceptions
  * Implement option to always use HTML formatting to prevent
    unexpected format loss when converting messages to plain text
  * Use OpenStreetmap for maps (even allow the user to choose from
    list of map services)
  * Allow spell checking and dictionary selection in the subject line
  * Allow editing of From when composing a message
  * Add dropdown in compose to allow specific setting of font size
  * Return/Enter in composer will now insert a new paragraph by
    default (shift-Enter will insert a line break)
  * Allow copying of name and email address from the message header
    of an email
  * Mail.ru supports OAuth authentication
  * MFSA 2016-16/CVE-2016-1952/CVE-2016-1953
    Miscellaneous memory safety hazards
  * MFSA 2016-17/CVE-2016-1954 (bmo#1243178)
    Local file overwriting and potential privilege escalation through
    CSP reports
  * MFSA 2016-18/CVE-2016-1955 (bmo#1208946)
    CSP reports fail to strip location information for embedded iframe pages
  * MFSA 2016-19/CVE-2016-1956 (bmo#1199923)
    Linux video memory DOS with Intel drivers
  * MFSA 2016-20/CVE-2016-1957 (bmo#1227052)
    Memory leak in libstagefright when deleting an array during MP4
    processing
  * MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014)
    Use-after-free in HTML5 string parser
  * MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377)
    Use-after-free in SetBody
  * MFSA 2016-27/CVE-2016-1964 (bmo#1243335)
    Use-after-free during XML transformations
  * MFSA 2016-34/CVE-2016-1974 (bmo#1228103)
    Out-of-bounds read in HTML parser following a failed allocation
  * MFSA 2016-35/CVE-2016-1950 (bmo#1245528)
    Buffer overflow during ASN.1 decoding in NSS
    (fixed by requiring 3.21.1)
  * MFSA 2016-36/CVE-2016-1979 (bmo#1185033)
    Use-after-free during processing of DER encoded keys in NSS
    (fixed by requiring 3.21.1)
  * MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/
    CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/
    CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/
    CVE-2016-2800/CVE-2016-2801/CVE-2016-2802
    Font vulnerabilities in the Graphite 2 library
- remove obsolete patches:
  * mozilla-arm-disable-edsp.patch
  * mozilla-icu-strncat.patch
  * mozilla-arm64-libjpeg-turbo.patch
- added required mozilla platform patches:
  * mozilla-no-stdcxx-check.patch
-------------------------------------------------------------------
Wed Apr  6 21:54:09 UTC 2016 - astieger@suse.com
- update to Thunderbird 38.7.2
  * disable Graphite font shaping library (same upstream changelog
    as 38.7.1)
-------------------------------------------------------------------
Fri Mar 25 09:40:09 UTC 2016 - wr@rosenauer.org
- update to Thunderbird 38.7.1
  * disabled Graphite font shaping library
-------------------------------------------------------------------
Fri Mar 11 12:57:25 UTC 2016 - wr@rosenauer.org
- update to Thunderbird 38.7.0 (boo#969894)
  * MFSA 2015-81/CVE-2015-4477 (bmo#1179484)
    Use-after-free in MediaStream playback
  * MFSA 2015-136/CVE-2015-7207 (bmo#1185256)
    Same-origin policy violation using performance.getEntries and
    history navigation
  * MFSA 2016-16/CVE-2016-1952
    Miscellaneous memory safety hazards
  * MFSA 2016-17/CVE-2016-1954 (bmo#1243178)
    Local file overwriting and potential privilege escalation through
    CSP reports
  * MFSA 2016-20/CVE-2016-1957 (bmo#1227052)
    Memory leak in libstagefright when deleting an array during MP4
    processing
  * MFSA 2016-21/CVE-2016-1958 (bmo#1228754)
    Displayed page address can be overridden
  * MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014)
    Use-after-free in HTML5 string parser
  * MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377)
    Use-after-free in SetBody
  * MFSA 2016-25/CVE-2016-1962 (bmo#1240760)
    Use-after-free when using multiple WebRTC data channels
  * MFSA 2016-27/CVE-2016-1964 (bmo#1243335)
    Use-after-free during XML transformations
  * MFSA 2016-28/CVE-2016-1965 (bmo#1245264)
    Addressbar spoofing though history navigation and Location protocol
    property
  * MFSA 2016-31/CVE-2016-1966 (bmo#1246054)
    Memory corruption with malicious NPAPI plugin
  * MFSA 2016-34/CVE-2016-1974 (bmo#1228103)
    Out-of-bounds read in HTML parser following a failed allocation
  * MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/
    CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/
    CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/
    CVE-2016-2800/CVE-2016-2801/CVE-2016-2802
    Font vulnerabilities in the Graphite 2 library
-------------------------------------------------------------------
Fri Feb 26 15:45:19 UTC 2016 - astieger@suse.com
- adjust _constraints to current peak build memory and disk usage
-------------------------------------------------------------------
Sat Feb 13 08:32:09 UTC 2016 - wr@rosenauer.org
- update to Thunderbird 38.6.0 (boo#963520)
  * Filters ran on a different folder than selected
  * MFSA 2016-01/CVE-2016-1930
    Miscellaneous memory safety hazards
  * MFSA 2016-03/CVE-2016-1935 (bmo#1220450)
    Buffer overflow in WebGL after out of memory allocation
-------------------------------------------------------------------
Mon Jan 25 10:39:23 UTC 2016 - olaf@aepfle.de
- Using -g for CFLAGS is controlled via project settings, it should
  not be enforced by the mozilla buildsystem.
-------------------------------------------------------------------
Mon Jan 18 07:32:51 UTC 2016 - olaf@aepfle.de
- Add build conditionals for valgrind and -Os
- Convert existing conditions for kde to bcond
-------------------------------------------------------------------
Tue Dec 29 20:30:59 UTC 2015 - wr@rosenauer.org
- update to Thunderbird 38.5.1
  * requires NSS 3.20.2 to fix
    MFSA 2015-150/CVE-2015-7575 (bmo#1158489)
    MD5 signatures accepted within TLS 1.2 ServerKeyExchange in
    server signature
- explicitely require libXcomposite-devel
-------------------------------------------------------------------
Wed Dec 23 10:13:38 UTC 2015 - wr@rosenauer.org
- update to Thunderbird 38.5.0 (bnc#959277)
  * MFSA 2015-134/CVE-2015-7201
    Miscellaneous memory safety hazards
  * MFSA 2015-138/CVE-2015-7210 (bmo#1218326)
    Use-after-free in WebRTC when datachannel is used after being
    destroyed
  * MFSA 2015-139/CVE-2015-7212 (bmo#1222809)
    Integer overflow allocating extremely large textures
  * MFSA 2015-145/CVE-2015-7205 (bmo#1220493)
    Underflow through code inspection
  * MFSA 2015-146/CVE-2015-7213 (bmo#1206211)
    Integer overflow in MP4 playback in 64-bit versions
  * MFSA 2015-147/CVE-2015-7222 (bmo#1216748)
    Integer underflow and buffer overflow processing MP4 metadata in
    libstagefright
  * MFSA 2015-149/CVE-2015-7214 (bmo#1228950)
    Cross-site reading attack through data and view-source URIs
-------------------------------------------------------------------
Tue Nov 17 07:58:43 UTC 2015 - wr@rosenauer.org
- update to Thunderbird 38.4.0 (bnc#952810)
  * MFSA 2015-116/CVE-2015-4513/CVE-2015-4514
    Miscellaneous memory safety hazards
  * MFSA 2015-122/CVE-2015-7188 (bmo#1199430)
    Trailing whitespace in IP address hostnames can bypass same-origin policy
  * MFSA 2015-123/CVE-2015-7189 (bmo#1205900)
    Buffer overflow during image interactions in canvas
  * MFSA 2015-127/CVE-2015-7193 (bmo#1210302)
    CORS preflight is bypassed when non-standard Content-Type headers
    are received
  * MFSA 2015-128/CVE-2015-7194 (bmo#1211262)
    Memory corruption in libjar through zip files
  * MFSA 2015-130/CVE-2015-7196 (bmo#1140616)
    JavaScript garbage collection crash with Java applet
  * MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200
    (bmo#1188010, bmo#1204061, bmo#1204155)
    Vulnerabilities found through code inspection
  * MFSA 2015-132/CVE-2015-7197 (bmo#1204269)
    Mixed content WebSocket policy bypass through workers
  * MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183
    (bmo#1202868, bmo#1205157)
    NSS and NSPR memory corruption issues
    (fixed in mozilla-nspr and mozilla-nss packages)
- requires NSPR 4.10.10 and NSS 3.19.2.1
- added explicit appdata provides (bnc#952325)
-------------------------------------------------------------------
Mon Oct  5 12:44:39 UTC 2015 - dmueller@suse.com
- fix build on aarch64 by reusing the crashreporter conditional
  from MozillaFirefox
-------------------------------------------------------------------
Mon Sep 28 18:00:50 UTC 2015 - wr@rosenauer.org
- update to Thunderbird 38.3.0 (bnc#947003)
  * MFSA 2015-96/CVE-2015-4500
    Miscellaneous memory safety hazards
  * MFSA 2015-100/CVE-2015-4505 (bmo#1177861) (Windows only)
    Arbitrary file manipulation by local user through Mozilla updater
  * MFSA 2015-101/CVE-2015-4506 (bmo#1192226)
    Buffer overflow in libvpx while parsing vp9 format video
  * MFSA 2015-105/CVE-2015-4511 (bmo#1200148)
    Buffer overflow while decoding WebM video
  * MFSA 2015-106/CVE-2015-4509 (bmo#1198435)
    Use-after-free while manipulating HTML media content
  * MFSA 2015-110/CVE-2015-4519 (bmo#1189814)
    Dragging and dropping images exposes final URL after redirects
  * MFSA 2015-111/CVE-2015-4520 (bmo#1200856, bmo#1200869)
    Errors in the handling of CORS preflight request headers
  * MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522/
    CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177/
    CVE-2015-7180
    Vulnerabilities found through code inspection
  * MFSA 2015-113/CVE-2015-7178/CVE-2015-7179 (bmo#1189860,
    bmo#1190526) (Windows only)
    Memory safety errors in libGLES in the ANGLE graphics library
- rebased patches
-------------------------------------------------------------------
Sat Aug 15 11:41:30 UTC 2015 - wr@rosenauer.org
- update to Thunderbird 38.2.0 (bnc#940806)
  * MFSA 2015-79/CVE-2015-4473
    Miscellaneous memory safety hazards
  * MFSA 2015-80/CVE-2015-4475 (bmo#1175396)
    Out-of-bounds read with malformed MP3 file
  * MFSA 2015-82/CVE-2015-4478 (bmo#1105914)
    Redefinition of non-configurable JavaScript object properties
  * MFSA 2015-83/CVE-2015-4479/CVE-2015-4480/CVE-2015-4493
    Overflow issues in libstagefright
  * MFSA 2015-84/CVE-2015-4481 (bmo1171518)
    Arbitrary file overwriting through Mozilla Maintenance Service
    with hard links (only affected Windows)
  * MFSA 2015-85/CVE-2015-4482 (bmo#1184500)
    Out-of-bounds write with Updater and malicious MAR file
    (does not affect openSUSE RPM packages which do not ship the
     updater)
  * MFSA 2015-87/CVE-2015-4484 (bmo#1171540)
    Crash when using shared memory in JavaScript
  * MFSA 2015-88/CVE-2015-4491 (bmo#1184009)
    Heap overflow in gdk-pixbuf when scaling bitmap images
  * MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 (bmo#1177948, bmo#1178148)
    Buffer overflows on Libvpx when decoding WebM video
  * MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489
    Vulnerabilities found through code inspection
  * MFSA 2015-92/CVE-2015-4492 (bmo#1185820)
    Use-after-free in XMLHttpRequest with shared workers
-------------------------------------------------------------------
Wed Jul  8 07:10:59 UTC 2015 - wr@rosenauer.org
- update to Thunderbird 38.1.0 (bnc#935979)
  * MFSA 2015-59/CVE-2015-2724/CVE-2015-2725
    Miscellaneous memory safety hazards
  * MFSA 2015-60/CVE-2015-2727 (bmo#1163422)
    Local files or privileged URLs in pages can be opened into new tabs
  * MFSA 2015-61/CVE-2015-2728 (bmo#1142210)
    Type confusion in Indexed Database Manager
  * MFSA 2015-62/CVE-2015-2729 (bmo#1122218)
    Out-of-bound read while computing an oscillator rendering range in Web Audio
  * MFSA 2015-63/CVE-2015-2731 (bmo#1149891)
    Use-after-free in Content Policy due to microtask execution error
  * MFSA 2015-64/CVE-2015-2730 (bmo#1125025)
    ECDSA signature validation fails to handle some signatures correctly
    (this fix is shipped by NSS 3.19.1 externally)
  * MFSA 2015-65/CVE-2015-2722/CVE-2015-2733 (bmo#1166924, bmo#1169867)
    Use-after-free in workers while using XMLHttpRequest
  * MFSA 2015-66/CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737
    CVE-2015-2738/CVE-2015-2739/CVE-2015-2740
    Vulnerabilities found through code inspection
  * MFSA 2015-67/CVE-2015-2741 (bmo#1147497)
    Key pinning is ignored when overridable errors are encountered
  * MFSA 2015-69/CVE-2015-2743 (bmo#1163109)
    Privilege escalation in PDF.js
  * MFSA 2015-70/CVE-2015-4000 (bmo#1138554)
    NSS accepts export-length DHE keys with regular DHE cipher suites
    (this fix is shipped by NSS 3.19.1 externally)
  * MFSA 2015-71/CVE-2015-2721 (bmo#1086145)
    NSS incorrectly permits skipping of ServerKeyExchange
    (this fix is shipped by NSS 3.19.1 externally)
- requires NSS 3.19.2
-------------------------------------------------------------------
Fri Jun 19 17:00:11 UTC 2015 - wr@rosenauer.org
- update to Thunderbird 38.0.1
  * includes Lightning as default extension
- rebased patches
- removed obsolete patches:
  * mozilla-ppc.patch
  * mozilla-nullptr-gcc45.patch
  * mozilla-bug1024492.patch
- dropped openSUSE specific patches
  * thunderbird-shared-nss-db.patch
  * mozilla-shared-nss-db.patch
    the provided feature seems not to be used and its maintenance
    is not worth the ongoing efforts
- tb-develdirs.patch is now mozilla-develdirs.patch as it is a
  platform configuration now
--------------------------------------------------------------------
Thu Jun 18 10:30:18 UTC 2015 - schwab@suse.de
- mozilla-arm64-libjpeg-turbo.patch: fix libjpeg-turbo configuration
-------------------------------------------------------------------
Thu May 28 10:28:13 UTC 2015 - dmueller@suse.com
- add mozilla-bug1024492.patch:
  * Fixes build against GCC 5.x
-------------------------------------------------------------------
Sat May  9 07:22:49 UTC 2015 - wr@rosenauer.org
- update to Thunderbird 31.7.0 (bnc#930622)
  * MFSA 2015-46/CVE-2015-2708
    Miscellaneous memory safety hazards
  * MFSA 2015-47/VE-2015-0797 (bmo#1080995)
    Buffer overflow parsing H.264 video with Linux Gstreamer
  * MFSA 2015-48/CVE-2015-2710 (bmo#1149542)
    Buffer overflow with SVG content and CSS
  * MFSA 2015-51/CVE-2015-2713 (bmo#1153478)
    Use-after-free during text processing with vertical text enabled
  * MFSA 2015-54/CVE-2015-2716 (bmo#1140537)
    Buffer overflow when parsing compressed XML
  * MFSA 2015-57/CVE-2011-3079 (bmo#1087565)
    Privilege escalation through IPC channel messages
-------------------------------------------------------------------
Tue Mar 31 05:02:16 UTC 2015 - wr@rosenauer.org
- update to Thunderbird 31.6.0 (bnc#925368)
  * MFSA 2015-30/CVE-2015-0815
    Miscellaneous memory safety hazards
  * MFSA 2015-31/CVE-2015-0813 (bmo#1106596))
    Use-after-free when using the Fluendo MP3 GStreamer plugin
  * MFSA 2015-33/CVE-2015-0816 (bmo#1144991)
    resource:// documents can load privileged pages
  * MFSA-2015-37/CVE-2015-0807 (bmo#1111834)
    CORS requests should not follow 30x redirections after preflight
  * MFSA-2015-40/CVE-2015-0801 (bmo#1146339)
    Same-origin bypass through anchor navigation
-------------------------------------------------------------------
Mon Feb 23 12:42:57 UTC 2015 - wr@rosenauer.org
- update to Thunderbird 31.5.0 (bnc#917597)
  * MFSA 2015-11/CVE-2015-0836
    Miscellaneous memory safety hazards
  * MFSA 2015-12/CVE-2015-0833 (bmo#945192)
    Invoking Mozilla updater will load locally stored DLL files
    (Windows only)
  * MFSA 2015-16/CVE-2015-0831 (bmo#1130514)
    Use-after-free in IndexedDB
  * MFSA 2015-19/CVE-2015-0827 (bmo#1117304)
    Out-of-bounds read and write while rendering SVG content
  * MFSA 2015-24/CVE-2015-0822 (bmo#1110557)
    Reading of local files through manipulation of form autocomplete
-------------------------------------------------------------------
Sat Jan 10 18:33:52 UTC 2015 - wr@rosenauer.org
- update to Thunderbird 31.4.0 (bnc#910669)
  * MFSA 2015-01/CVE-2014-8634/CVE-2014-8635
    Miscellaneous memory safety hazards
  * MFSA 2015-03/CVE-2014-8638 (bmo#1080987)
    sendBeacon requests lack an Origin header
  * MFSA 2015-04/CVE-2014-8639 (bmo#1095859)
    Cookie injection through Proxy Authenticate responses
- added mozilla-icu-strncat.patch to fix post build checks
-------------------------------------------------------------------
Sun Nov 30 08:37:33 UTC 2014 - wr@rosenauer.org
- update to Thunderbird 31.3.0 (bnc#908009)
  * MFSA 2014-83/CVE-2014-1587
    Miscellaneous memory safety hazards
  * MFSA 2014-85/CVE-2014-1590 (bmo#1087633)
    XMLHttpRequest crashes with some input streams
  * MFSA 2014-87/CVE-2014-1592 (bmo#1088635)
    Use-after-free during HTML5 parsing
  * MFSA 2014-88/CVE-2014-1593 (bmo#1085175)
    Buffer overflow while parsing media content
  * MFSA 2014-89/CVE-2014-1594 (bmo#1074280)
    Bad casting from the BasicThebesLayer to BasicContainerLayer
-------------------------------------------------------------------
Sun Nov 16 21:22:00 UTC 2014 - Led <ledest@gmail.com>
- fix bashism in mozilla.sh script
-------------------------------------------------------------------
Tue Nov  4 08:16:43 UTC 2014 - guillaume@opensuse.org
- Limit RAM usage during link for ARM
-------------------------------------------------------------------
Sat Oct 25 18:41:27 UTC 2014 - wr@rosenauer.org
- remove add-plugins.sh and use /usr/share/myspell directly
  (bnc#900639)
-------------------------------------------------------------------
Sun Oct 12 22:47:42 UTC 2014 - wr@rosenauer.org
- update to Thunderbird 31.2.0 (bnc#900941)
  * MFSA 2014-74/CVE-2014-1574
    Miscellaneous memory safety hazards
  * MFSA 2014-75/CVE-2014-1576 (bmo#1041512)
    Buffer overflow during CSS manipulation
  * MFSA 2014-76/CVE-2014-1577 (bmo#1012609)
    Web Audio memory corruption issues with custom waveforms
  * MFSA 2014-77/CVE-2014-1578 (bmo#1063327)
    Out-of-bounds write with WebM video
  * MFSA 2014-79/CVE-2014-1581 (bmo#1068218)
    Use-after-free interacting with text directionality
  * MFSA 2014-81/CVE-2014-1585/CVE-2014-1586 (bmo#1062876, bmo#1062981)
    Inconsistent video sharing within iframe
- added basic appdata definition
-------------------------------------------------------------------
Wed Sep 24 09:15:02 UTC 2014 - wr@rosenauer.org
- update to Thunderbird 31.1.2
-------------------------------------------------------------------
Tue Sep  9 12:53:41 UTC 2014 - wolfgang@rosenauer.org
- update to Thunderbird 31.1.1
  * Fixed an issue where mailing lists with spaces in their names
    couldn't be autocompleted (bmo#1060901)
  * Fixed an occasional startup crash (bmo#1005336)
-------------------------------------------------------------------
Fri Aug 29 13:02:19 UTC 2014 - wr@rosenauer.org
- update to Thunderbird 31.1.0 (bnc#894370)
  * MFSA 2014-67/CVE-2014-1553/CVE-2014-1562
    Miscellaneous memory safety hazards
  * MFSA 2014-68/CVE-2014-1563 (bmo#1018524)
    Use-after-free during DOM interactions with SVG
  * MFSA 2014-69/CVE-2014-1564 (bmo#1045977)
    Uninitialized memory use during GIF rendering
  * MFSA 2014-70/CVE-2014-1565 (bmo#1047831)
    Out-of-bounds read in Web Audio audio timeline
  * MFSA 2014-72/CVE-2014-1567 (bmo#1037641)
    Use-after-free setting text directionality
- added mozilla-nullptr-gcc45.patch to build on gcc 4.5 dists
  (e.g. openSUSE 11.4)
-------------------------------------------------------------------
Sun Jul 27 20:25:46 UTC 2014 - wr@rosenauer.org
- update to Thunderbird 31.0
  * based on Gecko 31
  * Autocompleting email addresses now matches against any part of
    the name or email
  * Composing a mail to a newsgroup will now autocomplete newsgroup
    names
  * Insecure NTLM (pre-NTLMv2) authentication disabled
- rebased patches
- removed enigmail entirely from source package
- removed obsolete patches
  * libffi-ppc64le.patch
  * ppc64le-support.patch
  * xpcom-ppc64le.patch
- use GStreamer 1.0 after 13.1
- switched source archives to use xz instead of bz2
-------------------------------------------------------------------
Sun Jul 20 15:59:49 UTC 2014 - wr@rosenauer.org
- update to Thunderbird 24.7.0 (bnc#887746)
  * MFSA 2014-56/CVE-2014-1547/CVE-2014-1548
    Miscellaneous memory safety hazards
  * MFSA 2014-61/CVE-2014-1555 (bmo#1023121)
    Use-after-free with FireOnStateChange event
  * MFSA 2014-62/CVE-2014-1556 (bmo#1028891)
    Exploitable WebGL crash with Cesium JavaScript library
  * MFSA 2014-63/CVE-2014-1544 (bmo#963150)
    Use-after-free while when manipulating certificates in the trusted cache
    (solved with NSS 3.16.2 requirement)
  * MFSA 2014-64/CVE-2014-1557 (bmo#913805)
    Crash in Skia library when scaling high quality images
- disabled enigmail build as with version 1.7 it's a standalone
  source package
-------------------------------------------------------------------
Sat Jun  7 09:07:06 UTC 2014 - wr@rosenauer.org
- update to Thunderbird 24.6.0 (bnc#881874)
  * MFSA 2014-48/CVE-2014-1533/CVE-2014-1534
    (bmo#921622, bmo#967354, bmo#969517, bmo#969549, bmo#973874,
     bmo#978652, bmo#978811, bmo#988719, bmo#990868, bmo#991981,
     bmo#992274, bmo#994907, bmo#995679, bmo#995816, bmo#995817,
     bmo#996536, bmo#996715, bmo#999651, bmo#1000598,
     bmo#1000960, bmo#1002340, bmo#1005578, bmo#1007223,
     bmo#1009952, bmo#1011007)
    Miscellaneous memory safety hazards (rv:30.0 / rv:24.6)
  * MFSA 2014-49/CVE-2014-1536/CVE-2014-1537/CVE-2014-1538
    (bmo#989994, bmo#999274, bmo#1005584)
    Use-after-free and out of bounds issues found using Address Sanitizer
  * MFSA 2014-52/CVE-2014-1541 (bmo#1000185)
    Use-after-free with SMIL Animation Controller
  * MFSA 2014-55/CVE-2014-1545 (bmo#1018783)
    Out of bounds write in NSPR
- require NSPR 4.10.6 because of MFSA 2014-55/CVE-2014-1545
-------------------------------------------------------------------
Fri Apr 25 09:41:14 UTC 2014 - wr@rosenauer.org
- update to Thunderbird 24.5.0 (bnc#875378)
  * MFSA 2014-34/CVE-2014-1518
    Miscellaneous memory safety hazards
  * MFSA 2014-37/CVE-2014-1523 (bmo#969226)
    Out of bounds read while decoding JPG images
  * MFSA 2014-38/CVE-2014-1524 (bmo#989183)
    Buffer overflow when using non-XBL object as XBL
  * MFSA 2014-42/CVE-2014-1529 (bmo#987003)
    Privilege escalation through Web Notification API
  * MFSA 2014-43/CVE-2014-1530 (bmo#895557)
    Cross-site scripting (XSS) using history navigations
  * MFSA 2014-44/CVE-2014-1531 (bmo#987140)
    Use-after-free in imgLoader while resizing images
  * MFSA 2014-46/CVE-2014-1532 (bmo#966006)
    Use-after-free in nsHostResolver
- use shipped-locales as the authoritative source for supported
  locales (some unsupported locales disappear from -other package)
-------------------------------------------------------------------
Tue Mar 18 21:45:43 UTC 2014 - wr@rosenauer.org
- update to Thunderbird 24.4.0 (bnc#868603)
  * MFSA 2014-15/CVE-2014-1493/CVE-2014-1494
    Miscellaneous memory safety hazards
  * MFSA 2014-17/CVE-2014-1497 (bmo#966311)
    Out of bounds read during WAV file decoding
  * MFSA 2014-26/CVE-2014-1508 (bmo#963198)
    Information disclosure through polygon rendering in MathML
  * MFSA 2014-27/CVE-2014-1509 (bmo#966021)
    Memory corruption in Cairo during PDF font rendering
  * MFSA 2014-28/CVE-2014-1505 (bmo#941887)
    SVG filters information disclosure through feDisplacementMap
  * MFSA 2014-29/CVE-2014-1510/CVE-2014-1511 (bmo#982906, bmo#982909)
    Privilege escalation using WebIDL-implemented APIs
  * MFSA 2014-30/CVE-2014-1512 (bmo#982957)
    Use-after-free in TypeObject
  * MFSA 2014-31/CVE-2014-1513 (bmo#982974)
    Out-of-bounds read/write through neutering ArrayBuffer objects
  * MFSA 2014-32/CVE-2014-1514 (bmo#983344)
    Out-of-bounds write through TypedArrayObject after neutering
-------------------------------------------------------------------
Mon Feb  3 16:07:28 UTC 2014 - wr@rosenauer.org
- update to Thunderbird 24.3.0 (bnc#861847)
  * MFSA 2014-01/CVE-2014-1477/CVE-2014-1478
    Miscellaneous memory safety hazards (rv:27.0 / rv:24.3)
  * MFSA 2014-02/CVE-2014-1479 (bmo#911864)
    Clone protected content with XBL scopes
  * MFSA 2014-04/CVE-2014-1482 (bmo#943803)
    Incorrect use of discarded images by RasterImage
  * MFSA 2014-08/CVE-2014-1486 (bmo#942164)
    Use-after-free with imgRequestProxy and image proccessing
  * MFSA 2014-09/CVE-2014-1487 (bmo#947592)
    Cross-origin information leak through web workers
  * MFSA 2014-12/CVE-2014-1490/CVE-2014-1491
    (bmo#934545, bmo#930874, bmo#930857)
    NSS ticket handling issues
  * MFSA 2014-13/CVE-2014-1481(bmo#936056)
    Inconsistent JavaScript handling of access to Window objects
- requires NSS 3.15.4
- renamed ppc64le patches to streamline with Firefox package
-------------------------------------------------------------------
Fri Dec 13 21:29:16 UTC 2013 - uweigand@de.ibm.com
- Add support for powerpc64le-linux.
  * ppc64le-support.patch: general support
  * libffi-ppc64le.patch: libffi backport
  * xpcom-ppc64le.patch: port xpcom
-------------------------------------------------------------------
Sun Dec  8 10:18:03 UTC 2013 - wr@rosenauer.org
- update to Thunderbird 24.2.0 (bnc#854370)
  * requires NSS 3.15.3.1 or higher
  * MFSA 2013-104/CVE-2013-5609/CVE-2013-5610
    Miscellaneous memory safety hazards
  * MFSA 2013-108/CVE-2013-5616 (bmo#938341)
    Use-after-free in event listeners
  * MFSA 2013-109/CVE-2013-5618 (bmo#926361)
    Use-after-free during Table Editing
  * MFSA 2013-111/CVE-2013-6671 (bmo#930281)
    Segmentation violation when replacing ordered list elements
  * MFSA 2013-113/CVE-2013-6673 (bmo#970380)
    Trust settings for built-in roots ignored during EV certificate
    validation
  * MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449)
    Use-after-free in synthetic mouse movement
  * MFSA 2013-115/CVE-2013-5615 (bmo#929261)
    GetElementIC typed array stubs can be generated outside observed
    typesets
  * MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693)
    JPEG information leak
  * MFSA 2013-117 (bmo#946351)
    Mis-issued ANSSI/DCSSI certificate
    (fixed via NSS 3.15.3.1)
-------------------------------------------------------------------
Tue Nov 19 08:08:00 UTC 2013 - wr@rosenauer.org
- update to Thunderbird 24.1.1
  * requires NSPR 4.10.2 and NSS 3.15.3 for security reasons
  * fix binary compatibility issues for patch level updates
    (bmo#927073)
-------------------------------------------------------------------
Thu Oct 24 17:18:23 UTC 2013 - wr@rosenauer.org
- update to Thunderbird 24.1.0 (bnc#847708)
  * requires NSS 3.15.2 or above
  * MFSA 2013-93/CVE-2013-5590/CVE-2013-5591/CVE-2013-5592
    Miscellaneous memory safety hazards
  * MFSA 2013-94/CVE-2013-5593 (bmo#868327)
    Spoofing addressbar through SELECT element
  * MFSA 2013-95/CVE-2013-5604 (bmo#914017)
    Access violation with XSLT and uninitialized data
  * MFSA 2013-96/CVE-2013-5595 (bmo#916580)
    Improperly initialized memory and overflows in some JavaScript
    functions
  * MFSA 2013-97/CVE-2013-5596 (bmo#910881)
    Writing to cycle collected object during image decoding
  * MFSA 2013-98/CVE-2013-5597 (bmo#918864)
    Use-after-free when updating offline cache
  * MFSA 2013-100/CVE-2013-5599/CVE-2013-5600/CVE-2013-5601
    (bmo#915210, bmo#915576, bmo#916685)
    Miscellaneous use-after-free issues found through ASAN fuzzing
  * MFSA 2013-101/CVE-2013-5602 (bmo#897678)
    Memory corruption in workers
  * MFSA 2013-102/CVE-2013-5603 (bmo#916404)
    Use-after-free in HTML document templates
-------------------------------------------------------------------
Thu Oct 10 14:43:22 UTC 2013 - wr@rosenauer.org
- update to Thunderbird 24.0.1
  * fqdn for smtp server name was not accepted (bmo#913785)
  * fixed crash in PL_strncasecmp (bmo#917955)
- update Enigmail to 1.6
  * The passphrase timeout configuration in Enigmail is now read and
    written from/to gpg-agent.
  * New dialog to change the expiry date of keys
  * New function to search for the OpenPGP keys of all Address Book
    entries on a keyserver
  * removed obsolete enigmail-build.patch
-------------------------------------------------------------------
Sat Sep 14 20:32:28 UTC 2013 - wr@rosenauer.org
- update to Thunderbird 24.0 (bnc#840485)
  * MFSA 2013-76/CVE-2013-1718/CVE-2013-1719
    Miscellaneous memory safety hazards
  * MFSA 2013-77/CVE-2013-1720 (bmo#888820)
    Improper state in HTML5 Tree Builder with templates
  * MFSA 2013-79/CVE-2013-1722 (bmo#893308)
    Use-after-free in Animation Manager during stylesheet cloning
  * MFSA 2013-80/CVE-2013-1723 (bmo#891292)
    NativeKey continues handling key messages after widget is destroyed
  * MFSA 2013-81/CVE-2013-1724 (bmo#894137)
    Use-after-free with select element
  * MFSA 2013-82/CVE-2013-1725 (bmo#876762)
    Calling scope for new Javascript objects can lead to memory corruption
  * MFSA 2013-85/CVE-2013-1728 (bmo#883686)
    Uninitialized data in IonMonkey
  * MFSA 2013-88/CVE-2013-1730 (bmo#851353)
    Compartment mismatch re-attaching XBL-backed nodes
  * MFSA 2013-89/CVE-2013-1732 (bmo#883514)
    Buffer overflow with multi-column, lists, and floats
  * MFSA 2013-90/CVE-2013-1735/CVE-2013-1736 (bmo#898871, bmo#906301)
    Memory corruption involving scrolling
  * MFSA 2013-91/CVE-2013-1737 (bmo#907727)
    User-defined properties on DOM proxies get the wrong "this" object
  * MFSA 2013-92/CVE-2013-1738 (bmo#887334, bmo#882897)
    GC hazard with default compartments and frame chain restoration
- moved greek to common translation package
- require NSPR 4.10 and NSS 3.15.1
- add GStreamer build requirements for Gecko
- added enigmail-build.patch to fix TB packaging (bmo#886095)
- removed obsolete patches:
  * enigmail-old-gcc.patch
  * mozilla-gcc43-enums.patch
  * mozilla-gcc43-template_hacks.patch
  * mozilla-gcc43-templates_instantiation.patch
  * ppc-xpcshell.patch
-------------------------------------------------------------------
Fri Aug  2 06:01:03 UTC 2013 - wr@rosenauer.org
- update to Thunderbird 17.0.8 (bnc#833389)
  * MFSA 2013-63/CVE-2013-1701
    Miscellaneous memory safety hazards
  * MFSA 2013-68/CVE-2013-1709 (bmo#838253)
    Document URI misrepresentation and masquerading
  * MFSA 2013-69/CVE-2013-1710 (bmo#871368)
    CRMF requests allow for code execution and XSS attacks
  * MFSA 2013-72/CVE-2013-1713 (bmo#887098)
    Wrong principal used for validating URI for some Javascript
    components
  * MFSA 2013-73/CVE-2013-1714 (bmo#879787)
    Same-origin bypass with web workers and XMLHttpRequest
  * MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397)
    Local Java applets may read contents of local file system
-------------------------------------------------------------------
Wed Jul 17 17:28:39 UTC 2013 - wr@rosenauer.org
- update Enigmail to 1.5.2
  * bugfix release
-------------------------------------------------------------------
Mon Jun 24 10:17:22 UTC 2013 - wr@rosenauer.org
- update to Thunderbird 17.0.7 (bnc#825935)
  * MFSA 2013-49/CVE-2013-1682
    Miscellaneous memory safety hazards
  * MFSA 2013-50/CVE-2013-1684/CVE-2013-1685/CVE-2013-1686
    Memory corruption found using Address Sanitizer
  * MFSA 2013-51/CVE-2013-1687 (bmo#863933, bmo#866823)
    Privileged content access and execution via XBL
  * MFSA 2013-53/CVE-2013-1690 (bmo#857883)
    Execution of unmapped memory through onreadystatechange event
  * MFSA 2013-54/CVE-2013-1692 (bmo#866915)
    Data in the body of XHR HEAD requests leads to CSRF attacks
  * MFSA 2013-55/CVE-2013-1693 (bmo#711043)
    SVG filters can lead to information disclosure
  * MFSA 2013-56/CVE-2013-1694 (bmo#848535)
    PreserveWrapper has inconsistent behavior
  * MFSA 2013-59/CVE-2013-1697 (bmo#858101)
    XrayWrappers can be bypassed to run user defined methods in a
    privileged context
-------------------------------------------------------------------
Tue Jun  4 20:41:42 UTC 2013 - dvaleev@suse.com
- prevent xpc-shell crashing on powerpc
  ppc-xpcshell.patch
-------------------------------------------------------------------
Sat May 11 08:46:37 UTC 2013 - wr@rosenauer.org
- update to Thunderbird 17.0.6 (bnc#819204)
  * MFSA 2013-41/CVE-2013-0801/CVE-2013-1669
    Miscellaneous memory safety hazards
  * MFSA 2013-42/CVE-2013-1670 (bmo#853709)
    Privileged access for content level constructor
  * MFSA 2013-46/CVE-2013-1674 (bmo#860971)
    Use-after-free with video and onresize event
  * MFSA 2013-47/CVE-2013-1675 (bmo#866825)
    Uninitialized functions in DOMSVGZoomEvent
  * MFSA 2013-48/CVE-2013-1676/CVE-2013-1677/CVE-2013-1678/
    CVE-2013-1679/CVE-2013-1680/CVE-2013-1681
    Memory corruption found using Address Sanitizer
-------------------------------------------------------------------
Fri Mar 29 18:25:38 UTC 2013 - wr@rosenauer.org
- update to Thunderbird 17.0.5 (bnc#813026)
  * requires NSPR 4.9.5 and NSS 3.14.3
  * MFSA 2013-30/CVE-2013-0788/CVE-2013-0789
    Miscellaneous memory safety hazards
  * MFSA 2013-31/CVE-2013-0800 (bmo#825721)
    Out-of-bounds write in Cairo library
  * MFSA 2013-35/CVE-2013-0796 (bmo#827106)
    WebGL crash with Mesa graphics driver on Linux
  * MFSA 2013-36/CVE-2013-0795 (bmo#825697)
    Bypass of SOW protections allows cloning of protected nodes
  * MFSA 2013-38/CVE-2013-0793 (bmo#803870)
    Cross-site scripting (XSS) using timed history navigations
-------------------------------------------------------------------
Fri Mar  8 10:35:29 UTC 2013 - wr@rosenauer.org
- update to Thunderbird 17.0.4 (bnc#808243)
  * MFSA 2013-29/CVE-2013-0787 (bmo#848644)
    Use-after-free in HTML Editor
-------------------------------------------------------------------
Sun Feb 17 12:09:06 UTC 2013 - wr@rosenauer.org
- update to Thunderbird 17.0.3 (bnc#804248)
  * MFSA 2013-21/CVE-2013-0783
    Miscellaneous memory safety hazards
  * MFSA 2013-24/CVE-2013-0773 (bmo#809652)
    Web content bypass of COW and SOW security wrappers
  * MFSA 2013-25/CVE-2013-0774 (bmo#827193)
    Privacy leak in JavaScript Workers
  * MFSA 2013-26/CVE-2013-0775 (bmo#831095)
    Use-after-free in nsImageLoadingContent
  * MFSA 2013-27/CVE-2013-0776 (bmo#796475)
    Phishing on HTTPS connection through malicious proxy
  * MFSA 2013-28/CVE-2013-0780/CVE-2013-0782
    Use-after-free, out of bounds read, and buffer overflow issues
    found using Address Sanitizer
-------------------------------------------------------------------
Mon Feb 11 08:25:24 UTC 2013 - wr@rosenauer.org
- update Enigmail to 1.5.1
  * The release fixes the regressions found in the past few
    weeks
-------------------------------------------------------------------
Sat Jan  5 12:40:00 UTC 2013 - wr@rosenauer.org
- update to Thunderbird 17.0.2 (bnc#796895)
  * MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770
    Miscellaneous memory safety hazards
  * MFSA 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-2013-0767
    CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829
    Use-after-free and buffer overflow issues found using Address Sanitizer
  * MFSA 2013-03/CVE-2013-0768 (bmo#815795)
    Buffer Overflow in Canvas
  * MFSA 2013-04/CVE-2012-0759 (bmo#802026)
    URL spoofing in addressbar during page loads
  * MFSA 2013-05/CVE-2013-0744 (bmo#814713)
    Use-after-free when displaying table with many columns and column groups
  * MFSA 2013-07/CVE-2013-0764 (bmo#804237)
    Crash due to handling of SSL on threads
  * MFSA 2013-08/CVE-2013-0745 (bmo#794158)
    AutoWrapperChanger fails to keep objects alive during garbage collection
  * MFSA 2013-09/CVE-2013-0746 (bmo#816842)
    Compartment mismatch with quickstubs returned values
  * MFSA 2013-10/CVE-2013-0747 (bmo#733305)
    Event manipulation in plugin handler to bypass same-origin policy
  * MFSA 2013-11/CVE-2013-0748 (bmo#806031)
    Address space layout leaked in XBL objects
  * MFSA 2013-12/CVE-2013-0750 (bmo#805121)
    Buffer overflow in Javascript string concatenation
  * MFSA 2013-13/CVE-2013-0752 (bmo#805024)
    Memory corruption in XBL with XML bindings containing SVG
  * MFSA 2013-14/CVE-2013-0757 (bmo#813901)
    Chrome Object Wrapper (COW) bypass through changing prototype
  * MFSA 2013-15/CVE-2013-0758 (bmo#813906)
    Privilege escalation through plugin objects
  * MFSA 2013-16/CVE-2013-0753 (bmo#814001)
    Use-after-free in serializeToStream
  * MFSA 2013-17/CVE-2013-0754 (bmo#814026)
    Use-after-free in ListenerManager
  * MFSA 2013-18/CVE-2013-0755 (bmo#814027)
    Use-after-free in Vibrate
  * MFSA 2013-19/CVE-2013-0756 (bmo#814029)
    Use-after-free in Javascript Proxy objects
- requires NSS 3.14.1 (MFSA 2013-20, CVE-2013-0743)
- update Enigmail to 1.5.0
-------------------------------------------------------------------
Mon Nov 26 11:10:11 UTC 2012 - wr@rosenauer.org
- fix KDE integration for file dialogs
- fix some rpmlint warnings (mkdir.done files)
- build on SLE11
  * mozilla-gcc43-enums.patch
  * mozilla-gcc43-template_hacks.patch
  * mozilla-gcc43-templates_instantiation.patch
-------------------------------------------------------------------
Tue Nov 20 20:42:04 UTC 2012 - wr@rosenauer.org
- update to Thunderbird 17.0 (bnc#790140)
  * MFSA 2012-91/CVE-2012-5842/CVE-2012-5843
    Miscellaneous memory safety hazards
  * MFSA 2012-92/CVE-2012-4202 (bmo#758200)
    Buffer overflow while rendering GIF images
  * MFSA 2012-93/CVE-2012-4201 (bmo#747607)
    evalInSanbox location context incorrectly applied
  * MFSA 2012-94/CVE-2012-5836 (bmo#792857)
    Crash when combining SVG text on path with CSS
  * MFSA 2012-96/CVE-2012-4204 (bmo#778603)
    Memory corruption in str_unescape
  * MFSA 2012-97/CVE-2012-4205 (bmo#779821)
    XMLHttpRequest inherits incorrect principal within sandbox
  * MFSA 2012-99/CVE-2012-4208 (bmo#798264)
    XrayWrappers exposes chrome-only properties when not in chrome
    compartment
  * MFSA 2012-100/CVE-2012-5841 (bmo#805807)
    Improper security filtering for cross-origin wrappers
  * MFSA 2012-101/CVE-2012-4207 (bmo#801681)
    Improper character decoding in HZ-GB-2312 charset
  * MFSA 2012-102/CVE-2012-5837 (bmo#800363)
    Script entered into Developer Toolbar runs with chrome privileges
  * MFSA 2012-103/CVE-2012-4209 (bmo#792405)
    Frames can shadow top.location
  * MFSA 2012-105/CVE-2012-4214/CVE-2012-4215/CVE-2012-4216/
    CVE-2012-5829/CVE-2012-5839/CVE-2012-5840/CVE-2012-4212/
    CVE-2012-4213/CVE-2012-4217/CVE-2012-4218
    Use-after-free and buffer overflow issues found using Address
    Sanitizer
  * MFSA 2012-106/CVE-2012-5830/CVE-2012-5833/CVE-2012-5835/CVE-2012-5838
    Use-after-free, buffer overflow, and memory corruption issues
    found using Address Sanitizer
- rebased patches
- disabled WebRTC since build is broken (bmo#776877)
- update Enigmail to 1.4.6
-------------------------------------------------------------------
Sat Oct 27 08:58:22 UTC 2012 - wr@rosenauer.org
- update to Thunderbird 16.0.2 (bnc#786522)
  * MFSA 2012-90/CVE-2012-4194/CVE-2012-4195/CVE-2012-4196
    (bmo#800666, bmo#793121, bmo#802557)
    Fixes for Location object issues
-------------------------------------------------------------------
Thu Oct 11 03:16:52 UTC 2012 - wr@rosenauer.org
- update to Thunderbird 16.0.1 (bnc#783533)
  * MFSA 2012-88/CVE-2012-4191 (bmo#798045)
    Miscellaneous memory safety hazards
  * MFSA 2012-89/CVE-2012-4192/CVE-2012-4193 (bmo#799952, bmo#720619)
    defaultValue security checks not applied
-------------------------------------------------------------------
Mon Oct  8 13:27:10 UTC 2012 - wr@rosenauer.org
- update to Thunderbird 16.0 (bnc#783533)
  * MFSA 2012-74/CVE-2012-3982/CVE-2012-3983
    Miscellaneous memory safety hazards
  * MFSA 2012-75/CVE-2012-3984 (bmo#575294)
    select element persistance allows for attacks
  * MFSA 2012-76/CVE-2012-3985 (bmo#655649)
    Continued access to initial origin after setting document.domain
  * MFSA 2012-77/CVE-2012-3986 (bmo#775868)
    Some DOMWindowUtils methods bypass security checks
  * MFSA 2012-79/CVE-2012-3988 (bmo#725770)
    DOS and crash with full screen and history navigation
  * MFSA 2012-80/CVE-2012-3989 (bmo#783867)
    Crash with invalid cast when using instanceof operator
  * MFSA 2012-81/CVE-2012-3991 (bmo#783260)
    GetProperty function can bypass security checks
  * MFSA 2012-82/CVE-2012-3994 (bmo#765527)
    top object and location property accessible by plugins
  * MFSA 2012-83/CVE-2012-3993/CVE-2012-4184 (bmo#768101, bmo#780370)
    Chrome Object Wrapper (COW) does not disallow acces to privileged
    functions or properties
  * MFSA 2012-84/CVE-2012-3992 (bmo#775009)
    Spoofing and script injection through location.hash
  * MFSA 2012-85/CVE-2012-3995/CVE-2012-4179/CVE-2012-4180/
    CVE-2012-4181/CVE-2012-4182/CVE-2012-4183
    Use-after-free, buffer overflow, and out of bounds read issues
    found using Address Sanitizer
  * MFSA 2012-86/CVE-2012-4185/CVE-2012-4186/CVE-2012-4187/
    CVE-2012-4188
    Heap memory corruption issues found using Address Sanitizer
  * MFSA 2012-87/CVE-2012-3990 (bmo#787704)
    Use-after-free in the IME State Manager
- update Enigmail to version 1.4.5
-------------------------------------------------------------------
Sun Aug 26 14:59:20 UTC 2012 - wr@rosenauer.org
- update to Thunderbird 15.0 (bnc#777588)
  * MFSA 2012-57/CVE-2012-1970
    Miscellaneous memory safety hazards
  * MFSA 2012-58/CVE-2012-1972/CVE-2012-1973/CVE-2012-1974/CVE-2012-1975
    CVE-2012-1976/CVE-2012-3956/CVE-2012-3957/CVE-2012-3958/CVE-2012-3959
    CVE-2012-3960/CVE-2012-3961/CVE-2012-3962/CVE-2012-3963/CVE-2012-3964
    Use-after-free issues found using Address Sanitizer
  * MFSA 2012-59/CVE-2012-1956 (bmo#756719)
    Location object can be shadowed using Object.defineProperty
  * MFSA 2012-61/CVE-2012-3966 (bmo#775794, bmo#775793)
    Memory corruption with bitmap format images with negative height
  * MFSA 2012-62/CVE-2012-3967/CVE-2012-3968
    WebGL use-after-free and memory corruption
  * MFSA 2012-63/CVE-2012-3969/CVE-2012-3970
    SVG buffer overflow and use-after-free issues
  * MFSA 2012-64/CVE-2012-3971
    Graphite 2 memory corruption
  * MFSA 2012-65/CVE-2012-3972 (bmo#746855)
    Out-of-bounds read in format-number in XSLT
  * MFSA 2012-68/CVE-2012-3975 (bmo#770684)
    DOMParser loads linked resources in extensions when parsing
    text/html
  * MFSA 2012-70/CVE-2012-3978 (bmo#770429)
    Location object security checks bypassed by chrome code
  * MFSA 2012-72/CVE-2012-3980 (bmo#771859)
    Web console eval capable of executing chrome-privileged code
- update Enigmail to 1.4.4
-------------------------------------------------------------------
Sun Jul 29 07:22:19 UTC 2012 - aj@suse.de
- Fix mozilla-kde.patch to include sys/resource.h for getrlimit etc (glibc 2.16)
-------------------------------------------------------------------
Sun Jul 15 08:06:50 UTC 2012 - wr@rosenauer.org
- update to Thunderbird 14.0 (bnc#771583)
  * MFSA 2012-42/CVE-2012-1949/CVE-2012-1948
    Miscellaneous memory safety hazards
  * MFSA 2012-44/CVE-2012-1951/CVE-2012-1954/CVE-2012-1953/CVE-2012-1952
    Gecko memory corruption
  * MFSA 2012-45/CVE-2012-1955 (bmo#757376)
    Spoofing issue with location
  * MFSA 2012-47/CVE-2012-1957 (bmo#750096)
    Improper filtering of javascript in HTML feed-view
  * MFSA 2012-48/CVE-2012-1958 (bmo#750820)
    use-after-free in nsGlobalWindow::PageHidden
  * MFSA 2012-49/CVE-2012-1959 (bmo#754044, bmo#737559)
    Same-compartment Security Wrappers can be bypassed
  * MFSA 2012-50/CVE-2012-1960 (bmo#761014)
    Out of bounds read in QCMS
  * MFSA 2012-51/CVE-2012-1961 (bmo#761655)
    X-Frame-Options header ignored when duplicated
  * MFSA 2012-52/CVE-2012-1962 (bmo#764296)
    JSDependentString::undepend string conversion results in memory
    corruption
  * MFSA 2012-53/CVE-2012-1963 (bmo#767778)
    Content Security Policy 1.0 implementation errors cause data
    leakage
  * MFSA 2012-56/CVE-2012-1967 (bmo#758344)
    Code execution through javascript: URLs
  * relicensed to MPL-2.0
- update Enigmail to 1.4.3
-------------------------------------------------------------------
Thu Jul  5 09:58:15 UTC 2012 - adrian@suse.de
- no crashreport on %arm, fixing build
-------------------------------------------------------------------
Fri Jun 15 07:00:43 UTC 2012 - wr@rosenauer.org
- update to Thunderbird 13.0.1
  * bugfix release
-------------------------------------------------------------------
Sat Jun  2 12:41:08 UTC 2012 - wr@rosenauer.org
- update to Thunderbird 13.0 (bnc#765204)
  * MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101
    Miscellaneous memory safety hazards
  * MFSA 2012-36/CVE-2012-1944 (bmo#751422)
    Content Security Policy inline-script bypass
  * MFSA 2012-37/CVE-2012-1945 (bmo#670514)
    Information disclosure though Windows file shares and shortcut
    files
  * MFSA 2012-38/CVE-2012-1946 (bmo#750109)
    Use-after-free while replacing/inserting a node in a document
  * MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941
    Buffer overflow and use-after-free issues found using Address
    Sanitizer
- require NSS 3.13.4
  * MFSA 2012-39/CVE-2012-0441 (bmo#715073)
- fix build with system NSPR (mozilla-system-nspr.patch)
- add dependentlibs.list for improved XRE startup
- update enigmail to 1.4.2
-------------------------------------------------------------------
Wed May 16 05:38:46 UTC 2012 - wr@rosenauer.org
- reenabled crashreporter for Factory/12.2
  (fix in mozilla-gcc47.patch)
-------------------------------------------------------------------
Mon Apr 30 06:43:26 UTC 2012 - wr@rosenauer.org
- update to Thunderbird 12.0.1
  * fix regressions
    - POP3 filters (bmo#748090)
    - Message Body not loaded when using "Fetch Headers Only"
      (bmo#748865)
    - Received messages contain parts of other messages with
      movemail account (bmo#748726)
    - New mail notification issue (bmo#748997)
    - crash in nsMsgDatabase::MatchDbName (bmo#748432)
-------------------------------------------------------------------
Fri Apr 27 10:22:49 UTC 2012 - wr@rosenauer.org
- fixed build with gcc 4.7
-------------------------------------------------------------------
Sat Apr 21 07:39:28 UTC 2012 - wr@rosenauer.org
- update to Thunderbird 12.0 (bnc#758408)
  * MFSA 2012-20/CVE-2012-0467/CVE-2012-0468
    Miscellaneous memory safety hazards
  * MFSA 2012-22/CVE-2012-0469 (bmo#738985)
    use-after-free in IDBKeyRange
  * MFSA 2012-23/CVE-2012-0470 (bmo#734288)
    Invalid frees causes heap corruption in gfxImageSurface
  * MFSA 2012-24/CVE-2012-0471 (bmo#715319)
    Potential XSS via multibyte content processing errors
  * MFSA 2012-25/CVE-2012-0472 (bmo#744480)
    Potential memory corruption during font rendering using cairo-dwrite
  * MFSA 2012-26/CVE-2012-0473 (bmo#743475)
    WebGL.drawElements may read illegal video memory due to
    FindMaxUshortElement error
  * MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307)
    Page load short-circuit can lead to XSS
  * MFSA 2012-28/CVE-2012-0475 (bmo#694576)
    Ambiguous IPv6 in Origin headers may bypass webserver access
    restrictions
  * MFSA 2012-29/CVE-2012-0477 (bmo#718573)
    Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues
  * MFSA 2012-30/CVE-2012-0478 (bmo#727547)
    Crash with WebGL content using textImage2D
  * MFSA 2012-31/CVE-2011-3062 (bmo#739925)
    Off-by-one error in OpenType Sanitizer
  * MFSA 2012-32/CVE-2011-1187 (bmo#624621)
    HTTP Redirections and remote content can be read by javascript errors
  * MFSA 2012-33/CVE-2012-0479 (bmo#714631)
    Potential site identity spoofing when loading RSS and Atom feeds
- update Enigmail to 1.4.1
- added mozilla-revert_621446.patch
- added mozilla-libnotify.patch (bmo#737646)
- added mailnew-showalert.patch (bmo#739146)
- added mozilla-gcc47.patch and mailnews-literals.patch to fix
  compilation issues with recent gcc 4.7
- disabled crashreporter temporarily for Factory (gcc 4.7 issue)
-------------------------------------------------------------------
Tue Mar 27 22:17:05 UTC 2012 - wr@rosenauer.org
- update to Thunderbird 11.0.1 (bnc#755060)
  * Fixing an issue where filters can get messed up (bmo#735940)
  * Fixes a hang when switching IMAP folders, or doing other
    imap functions (bmo#733731)
-------------------------------------------------------------------
Fri Mar  9 20:42:21 UTC 2012 - wr@rosenauer.org
- update to Thunderbird 11.0 (bnc#750044)
  * MFSA 2012-13/CVE-2012-0455 (bmo#704354)
    XSS with Drag and Drop and Javascript: URL
  * MFSA 2012-14/CVE-2012-0456/CVE-2012-0457 (bmo#711653, #720103)
    SVG issues found with Address Sanitizer
  * MFSA 2012-15/CVE-2012-0451 (bmo#717511)
    XSS with multiple Content Security Policy headers
  * MFSA 2012-16/CVE-2012-0458
    Escalation of privilege with Javascript: URL as home page
  * MFSA 2012-17/CVE-2012-0459 (bmo#723446)
    Crash when accessing keyframe cssText after dynamic modification
  * MFSA 2012-18/CVE-2012-0460 (bmo#727303)
    window.fullScreen writeable by untrusted content
  * MFSA 2012-19/CVE-2012-0461/CVE-2012-0462/CVE-2012-0464/
    CVE-2012-0463
    Miscellaneous memory safety hazards
- update enigmail to 1.4
- added KDE integration patches (bnc#749440)
-------------------------------------------------------------------
Mon Feb 27 17:15:05 CET 2012 - jslaby@suse.de
- update enigmail to 1.3.99 (1.4a1pre)
-------------------------------------------------------------------
Thu Feb 16 10:54:42 UTC 2012 - wr@rosenauer.org
- update to Thunderbird 10.0.2 (bnc#747328)
  * CVE-2011-3026 (bmo#727401)
    libpng: integer overflow leading to heap-buffer overflow
-------------------------------------------------------------------
Thu Feb  9 08:10:32 UTC 2012 - wr@rosenauer.org
- update to version 10.0.1 (bnc#746616)
  * MFSA 2012-10/CVE-2012-0452 (bmo#724284)
    use after free in nsXBLDocumentInfo::ReadPrototypeBindings
- Use YARR interpreter instead of PCRE on platforms where YARR JIT
  is not supported, since PCRE doesnt build (bmo#691898)
- fix ppc64 build (bmo#703534)
-------------------------------------------------------------------
Sun Jan 29 17:31:32 UTC 2012 - wr@rosenauer.org
- update to version 10.0 (bnc#744275)
  * MFSA 2012-01/CVE-2012-0442/CVE-2012-0443
    Miscellaneous memory safety hazards
  * MFSA 2012-03/CVE-2012-0445 (bmo#701071)
    <iframe> element exposed across domains via name attribute
  * MFSA 2012-04/CVE-2011-3659 (bmo#708198)
    Child nodes from nsDOMAttribute still accessible after removal
    of nodes
  * MFSA 2012-05/CVE-2012-0446 (bmo#705651)
    Frame scripts calling into untrusted objects bypass security
    checks
  * MFSA 2012-06/CVE-2012-0447 (bmo#710079)
    Uninitialized memory appended when encoding icon images may
    cause information disclosure
  * MFSA 2012-07/CVE-2012-0444 (bmo#719612)
    Potential Memory Corruption When Decoding Ogg Vorbis files
  * MFSA 2012-08/CVE-2012-0449 (bmo#701806, bmo#702466)
    Crash with malformed embedded XSLT stylesheets
- update enigmail to 1.3.5
- added mozilla-disable-neon-option.patch to be able to disable
  neon on ARM
- removed obsolete PPC64 patch
-------------------------------------------------------------------
Sun Dec 18 09:28:51 UTC 2011 - wr@rosenauer.org
- update to version 9.0 (bnc#737533)
  * MFSA 2011-53/CVE-2011-3660
    Miscellaneous memory safety hazards (rv:9.0)
  * MFSA 2011-54/CVE-2011-3661 (bmo#691299)
    Potentially exploitable crash in the YARR regular expression
    library
  * MFSA 2011-55/CVE-2011-3658 (bmo#708186)
    nsSVGValue out-of-bounds access
  * MFSA 2011-56/CVE-2011-3663 (bmo#704482)
    Key detection without JavaScript via SVG animation
  * MFSA 2011-58/VE-2011-3665 (bmo#701259)
    Crash scaling <video> to extreme sizes
- fixed accessibility under GNOME 3 (bnc#732898)
  (mozilla-a11y.patch)
- do not show update channel in about box
  (tb-no-update-channel.patch)
-------------------------------------------------------------------
Sun Dec  4 08:20:17 UTC 2011 - wr@rosenauer.org
- update enigmail to 1.3.4 (bnc#733002)
  * fixes several regressions from previous release
-------------------------------------------------------------------
Mon Nov 21 21:54:27 UTC 2011 - wr@rosenauer.org
- do not disable system addons
- fixed enigmail localizations
-------------------------------------------------------------------
Mon Nov 21 11:35:56 UTC 2011 - dvaleev@suse.com
- fix powerpc build
- disable crashreporter on ppc and ppc64
-------------------------------------------------------------------
Mon Nov  7 20:23:30 UTC 2011 - wr@rosenauer.org
- update to version 8.0 (bnc#728520)
  * MFSA 2011-47/CVE-2011-3648 (bmo#690225)
    Potential XSS against sites using Shift-JIS
  * MFSA 2011-48/CVE-2011-3651/CVE-2011-3652/CVE-2011-3654
    Miscellaneous memory safety hazards
  * MFSA 2011-49/CVE-2011-3650 (bmo#674776)
    Memory corruption while profiling using Firebug
  * MFSA 2011-52/CVE-2011-3655 (bmo#672182)
    Code execution via NoWaiverWrapper
- rebased patches
- update enigmail to 1.3.3
- update icon cache after install/removal (bnc#726758)
-------------------------------------------------------------------
Fri Sep 30 09:59:15 UTC 2011 - wr@rosenauer.org
- update to minor version 7.0.1
  * fixed staged addon updates
  * Disabled the what's new tab for updaters from 7.0 (bmo#690290)
  * Insert Characters & Symbols fix (bmo#690267)
-------------------------------------------------------------------
Mon Sep 26 09:18:56 UTC 2011 - wr@rosenauer.org
- update to version 7.0 (bnc#720264)
  * MFSA 2011-36
    Miscellaneous memory safety hazards
  * MFSA 2011-39/CVE-2011-3000 (bmo#655389)
    Defense against multiple Location headers due to CRLF Injection
  * MFSA 2011-40/CVE-2011-2372/CVE-2011-3001
    Code installation through holding down Enter
  * MFSA 2011-42/CVE-2011-3232
    Potentially exploitable crash in the YARR regular expression
    library
  * MFSA 2011-44/CVE-2011-3005 (bmo#675747)
    Use after free reading OGG headers
- removed obsolete mozilla-cairo-lcd.patch
-------------------------------------------------------------------
Tue Sep 13 07:36:50 UTC 2011 - wr@rosenauer.org
- update enigmail to 1.3.2 (no changelog available)
- add dbus-1-glib-devel to BuildRequires (not pulled automatically
  anymore with 12.1)
-------------------------------------------------------------------
Fri Sep  9 20:42:23 UTC 2011 - wr@rosenauer.org
- make enigmail a subversion of Thunderbird to fix %release
  number tracking issues with the Open Build Service
  (taken from dmueller's 3.1.x changes)
-------------------------------------------------------------------
Wed Sep  7 14:30:34 UTC 2011 - pcerny@suse.com
- security update to 6.0.2 (bnc#714931)
  * Complete blocking of certificates issued by DigiNotar
    (bmo#683449)
-------------------------------------------------------------------
Fri Sep  2 14:40:07 UTC 2011 - pcerny@suse.com
- security update to 6.0.1 (bnc#714931)
  * MFSA 2011-34
    Protection against fraudulent DigiNotar certificates
    (bmo#682927)
-------------------------------------------------------------------
Wed Aug 17 08:50:39 CEST 2011 - jslaby@suse.de
- update enigmail to 1.3 final
-------------------------------------------------------------------
Fri Aug 12 20:40:07 UTC 2011 - wr@rosenauer.org
- update to version 6.0 (bnc#712224)
  including security fixes MFSA 2011-31
  * CVE-2011-2989/CVE-2011-2991/CVE-2011-2992/CVE-2011-2985
    Miscellaneous memory safety hazards
  * CVE-2011-2988 (bmo#665936)
    String crash using WebGL shaders
  * CVE-2011-2987 (bmo#665934)
    Heap overflow in ANGLE library
  * CVE-2011-0084 (bmo#648094)
    Crash in SVGTextElement.getCharNumAtPosition()
  * CVE-2011-2986 (bmo#655836)
    Cross-origin data theft using canvas and Windows D2D
- add mozilla-curl.patch to remove dependencies to obsolete curl
  header
-------------------------------------------------------------------
Fri Jul 30 08:30:11 CEST 2011 - jslaby@suse.de
- update enigmail to 1.2.99 (1.3a1pre)
-------------------------------------------------------------------
Fri Jul 29 21:13:54 UTC 2011 - wr@rosenauer.org
- update to version 6.0b2
  * removed obsolete patches
    - mozilla-gio.patch
    - thunderbird-gio.patch
- fix symbol dumper for linux3 platform
-------------------------------------------------------------------
Sat Jul  9 11:16:51 UTC 2011 - wr@rosenauer.org
- update to version 5.0
- update enigmail to version 1.2
- improved logic for the launcher command
- enable gio usage (instead of gnomevfs) for 11.4 and newer
- build dump_syms dynamic to build on 12.1 and above
-------------------------------------------------------------------
Mon Jun 20 09:36:22 UTC 2011 - wr@rosenauer.org
- security update to version 3.1.11 (bnc#701296)
  * MFSA 2011-19/CVE-2011-2374 CVE-2011-2376 CVE-2011-2364
    CVE-2011-2365
    Miscellaneous memory safety hazards
  * MFSA 2011-20/CVE-2011-2373 (bmo#617247)
    Use-after-free vulnerability when viewing XUL document with
    script disabled
  * MFSA 2011-21/CVE-2011-2377 (bmo#638018, bmo#639303)
    Memory corruption due to multipart/x-mixed-replace images
  * MFSA 2011-22/CVE-2011-2371 (bmo#664009)
    Integer overflow and arbitrary code execution in
    Array.reduceRight()
  * MFSA 2011-23/CVE-2011-0083 CVE-2011-0085 CVE-2011-2363
    Multiple dangling pointer vulnerabilities
  * MFSA 2011-24/CVE-2011-2362 (bmo#616264)
    Cookie isolation error
- speed up find-external-requires.sh
- do not build dump_syms static as it is not needed for us
  -> fixes build for 12.1 and above
-------------------------------------------------------------------
Fri Apr 15 06:24:16 UTC 2011 - wr@rosenauer.org
- security update to version 3.1.10 (bnc#689281)
  * MFSA 2011-12/ CVE-2011-0069 CVE-2011-0070 CVE-2011-0072
    CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078
    CVE-2011-0080 CVE-2011-0081
    Miscellaneous memory safety hazards
-------------------------------------------------------------------
Fri Mar 25 08:50:30 UTC 2011 - idoenmez@novell.com
- Add mozilla-gcc46.patch: fix compilation with gcc 4.6
  See the following bug reports:
    https://bugzilla.mozilla.org/show_bug.cgi?id=623116
    https://bugzilla.mozilla.org/show_bug.cgi?id=623123
    https://bugzilla.mozilla.org/show_bug.cgi?id=623126
    https://bugzilla.mozilla.org/show_bug.cgi?id=628371
-------------------------------------------------------------------
Tue Feb 22 08:51:12 UTC 2011 - wr@rosenauer.org
- security update to version 3.1.8 (build3) (bnc#667155)
  * MFSA 2011-01/CVE-2011-0053/CVE-2011-0062
    Miscellaneous memory safety hazards (rv:1.9.2.14/ 1.9.1.17)
  * MFSA 2011-08/CVE-2010-1585 (bmo#562547)
    ParanoidFragmentSink allows javascript: URLs in chrome documents
  * MFSA 2011-09/CVE-2011-0061 (bmo#610601)
    Crash caused by corrupted JPEG image
-------------------------------------------------------------------
Thu Jan 13 13:08:39 UTC 2011 - wr@rosenauer.org
- rename desktop file for 11.4 and above (bnc#664211)
-------------------------------------------------------------------
Mon Jan 10 09:30:21 UTC 2011 - wr@rosenauer.org
- add x-scheme-handler/mailto as mimetype to the desktop file
  as needed by newer Gnome environment
-------------------------------------------------------------------
Mon Nov 29 13:47:52 UTC 2010 - wr@rosenauer.org
- security update to version 3.1.7 (bnc#657016)
  * MFSA 2010-74/CVE-2010-3776/CVE-2010-3777/CVE-2010-3778
    Miscellaneous memory safety hazards (rv:1.9.2.13/ 1.9.1.16)
  * MFSA 2010-75/CVE-2010-3769 (bmo#608336)
    Buffer overflow while line breaking after document.write with
    long string
  * MFSA 2010-78/CVE-2010-3768 (bmo#527276)
    Add support for OTS font sanitizer
- provide versioned "thunderbird" symbol
-------------------------------------------------------------------
Wed Oct 27 10:55:39 CEST 2010 - wr@rosenauer.org
- security update to version 3.1.6 (bnc#649492)
  * MFSA 2010-73/CVE-2010-3765 (bmo#607222)
    Heap buffer overflow mixing document.write and DOM insertion
-------------------------------------------------------------------
Wed Oct  6 23:19:15 CEST 2010 - wr@rosenauer.org
- security update to version 3.1.5 (bnc#645315)
  * MFSA 2010-64/CVE-2010-3174/CVE-2010-3175/CVE-2010-3176
    Miscellaneous memory safety hazards
  * MFSA 2010-65/CVE-2010-3179 (bmo#583077)
    Buffer overflow and memory corruption using document.write
  * MFSA 2010-66/CVE-2010-3180 (bmo#588929)
    Use-after-free error in nsBarProp
  * MFSA 2010-67/CVE-2010-3183 (bmo#598669)
    Dangling pointer vulnerability in LookupGetterOrSetter
  * MFSA 2010-69/CVE-2010-3178 (bmo#576616)
    Cross-site information disclosure via modal calls
  * MFSA 2010-70/CVE-2010-3170 (bmo#578697)
    SSL wildcard certificate matching IP addresses
  * MFSA 2010-71/CVE-2010-3182 (bmo#590753, bnc#642502)
    Unsafe library loading vulnerabilities
  * MFSA 2010-72/CVE-2010-3173
    Insecure Diffie-Hellman key exchange
  * new extra locales
  * removed upstreamed mozilla-helper-app.patch
- require mozilla-nss >= 3.12.8
-------------------------------------------------------------------
Wed Sep 15 08:19:49 CEST 2010 - wr@rosenauer.org
- update to version 3.1.4
  * fixing startup topcrash
-------------------------------------------------------------------
Mon Aug 30 17:40:28 CEST 2010 - wr@rosenauer.org
- security update to version 3.1.3 (bnc#637303)
  * MFSA 2010-49/CVE-2010-3169
    Miscellaneous memory safety hazards
  * MFSA 2010-50/CVE-2010-2765 (bmo#576447)
    Frameset integer overflow vulnerability
  * MFSA 2010-51/CVE-2010-2767 (bmo#584512)
    Dangling pointer vulnerability using DOM plugin array
  * MFSA 2010-53/CVE-2010-3166 (bmo#579655)
    Heap buffer overflow in nsTextFrameUtils::TransformText
  * MFSA 2010-54/CVE-2010-2760 (bmo#585815)
    Dangling pointer vulnerability in nsTreeSelection
  * MFSA 2010-55/CVE-2010-3168 (bmo#576075)
    XUL tree removal crash and remote code execution
  * MFSA 2010-56/CVE-2010-3167 (bmo#576070)
    Dangling pointer vulnerability in nsTreeContentView
  * MFSA 2010-57/CVE-2010-2766 (bmo#580445)
    Crash and remote code execution in normalizeDocument
  * MFSA 2010-59/CVE-2010-2762 (bmo#584180)
    SJOW creates scope chains ending in outer object
  * MFSA 2010-61/CVE-2010-2768 (bmo#579744)
    UTF-7 XSS by overriding document charset using <object> type
    attribute
  * MFSA 2010-62/CVE-2010-2769 (bmo#520189)
    Copy-and-paste or drag-and-drop into designMode document allows
    XSS
  * MFSA 2010-63/CVE-2010-2764 (bmo#552090)
    Information leak via XMLHttpRequest statusText
- ESD notification sound fix included upstream
-------------------------------------------------------------------
Mon Aug 30 17:37:58 CEST 2010 - wr@rosenauer.org
- fixed build with latest Gnome
  (mozilla-gdk-pixbuf.patch)
-------------------------------------------------------------------
Sat Jul 24 17:22:58 CEST 2010 - wr@rosenauer.org
- update to version 3.1.1
  * based on the Gecko 1.9.2 platform
  * Faster Search Results
  * Quick Filter Toolbar
  * New Migration Assistant
  * Saved Files Manager
- update to enigmail 1.1.2
- enable crashreporter and package buildsymbols
- fixed esd sound output (notifications) (bmo#576365)
-------------------------------------------------------------------
Fri Jul 16 07:19:40 CEST 2010 - wr@rosenauer.org
- security update to 3.0.6 (bnc#622506)
  * MFSA 2010-34/CVE-2010-1211/CVE-2010-1212
    Miscellaneous memory safety hazards
  * MFSA 2010-39/CVE-2010-2752 (bmo#574059)
    nsCSSValue::Array index integer overflow
  * MFSA 2010-40/CVE-2010-2753 (bmo#571106)
    nsTreeSelection dangling pointer remote code execution
    vulnerability
  * MFSA 2010-41/CVE-2010-1205 (bmo#570451)
    Remote code execution using malformed PNG image
  * MFSA 2010-42/CVE-2010-1213 (bmo#568148)
    Cross-origin data disclosure via Web Workers and importScripts
  * MFSA 2010-46/CVE-2010-0654 (bmo#524223)
    Cross-domain data theft using CSS
  * MFSA 2010-47/CVE-2010-2754 (bmo#568564)
    Cross-origin data leakage from script filename in error messages
-------------------------------------------------------------------
Fri May 21 07:31:34 CEST 2010 - wr@rosenauer.org
- security update to 3.0.5 (bnc#603356)
  * MFSA 2010-25/CVE-2010-1121 (bmo#555109)
    Re-use of freed object due to scope confusion
  * MFSA 2010-26/CVE-2010-1200/CVE-2010-1201/CVE-2010-1202/
    CVE-2010-1203
    Crashes with evidence of memory corruption (rv:1.9.1.10)
  * MFSA 2010-29/CVE-2010-1196 (bmo#534666)
    Heap buffer overflow in nsGenericDOMDataNode::SetTextInternal
  * MFSA 2010-30/CVE-2010-1199 (bmo#554255)
    Integer Overflow in XSLT Node Sorting
-------------------------------------------------------------------
Mon Apr 12 06:50:16 CEST 2010 - wr@rosenauer.org
- do not encode the RPM release number into the useragent 
  to avoid non useful republishing (bnc#593807)
-------------------------------------------------------------------
Wed Mar 17 20:07:51 CET 2010 - wr@rosenauer.org
- security update to 3.0.4 (bnc#586567)
  * MFSA 2010-16/CVE-2010-0173/CVE-2010-0174
    Crashes with evidence of memory corruption
  * MFSA 2010-17/CVE-2010-0175 (bmo#540100,375928)
    Remote code execution with use-after-free in nsTreeSelection
  * MFSA 2010-18/CVE-2010-0176 (bmo#538308)
    Dangling pointer vulnerability in nsTreeContentView
  * MFSA 2010-22/CVE-2009-3555 (bmo#545755)
    Update NSS to support TLS renegotiation indication
  * MFSA 2010-24/CVE-2010-0182 (bmo#490790)
    XMLDocument::load() doesn't check nsIContentPolicy
-------------------------------------------------------------------
Sun Feb 28 19:56:44 CET 2010 - wr@rosenauer.org
- update to 3.0.3
  * Fix for missing folders or empty folder pane after updating 
    to Thunderbird 3.0.2
-------------------------------------------------------------------
Fri Feb 26 17:04:00 CET 2010 - wr@rosenauer.org
- security update to 3.0.2 (bnc#576969)
  * MFSA 2010-01/CVE-2010-0159
    Crashes with evidence of memory corruption
  * MFSA 2010-03/CVE-2009-1571
    Use-after-free crash in HTML parser
  * various stability improvements
- update enigmail to 1.0.1
  * Czech, Dutch, Polish and Portuguese (Brazilian) languages 
    were added to the release.
  * there are several fixes related using OpenPGP Smartcards
- use system hunspell again (bnc#582276)
-------------------------------------------------------------------
Tue Jan 12 00:23:23 CET 2010 - wr@rosenauer.org
- update to 3.0.1
  * fixed UI issues related to some combinations of installed addons
    (bmo#398702)
- fixed session restore (bnc#528406, bmo#508986)
- removed obsolete lightning stuff from spec file
- removed obsolete orbit-devel build requirement
-------------------------------------------------------------------
Mon Dec  7 10:04:05 CET 2009 - wr@rosenauer.org
- update to 3.0 (bnc#559819)
- update enigmail to final version 1.0.0
- use --disable-updater and removed obsolete UI patch and 
  pref changes
- use internal cairo up to 11.1 (Gecko now requires at least 1.8.8)
- added mozilla-clipboard.patch fixing a common crash (bmo#495392)
- removed upstreamed patch thunderbird-cs-smtpauth.patch
-------------------------------------------------------------------
Wed Oct  7 21:41:15 CEST 2009 - wr@rosenauer.org
- fixed startup-notification (bnc#518603)
  (mozilla-startup-notification.patch)
-------------------------------------------------------------------
Tue Sep 29 14:03:51 CEST 2009 - wr@rosenauer.org
- fixed CS locale to allow SMTP AUTH sending of mails (bnc#542809)
-------------------------------------------------------------------
Tue Sep 15 17:58:56 CEST 2009 - wr@rosenauer.org
- update to 3.0b4
  * removed upstreamed patches
  * based on Gecko 1.9.1.3 (inheriting security fixes)
  * new global search 
-------------------------------------------------------------------
Tue Aug 25 17:56:36 CEST 2009 - wr@rosenauer.org
- reversioned enigmail to 0.96.99 (as it's actually 0.97a and 0.96
  has been released already)
- fixed RPM group for the translation subpackages
-------------------------------------------------------------------
Fri Aug 21 13:58:54 CEST 2009 - wr@rosenauer.org
- remove obsolete code for protocol handlers (bmo#389732)
  (mozilla-protocol_handler.patch)
- new enigmail snapshot (20090813)
- require pinentry-gui for 11.2 and up (bnc#441084)
-------------------------------------------------------------------
Sun Aug  9 09:02:25 CEST 2009 - wr@rosenauer.org
- Gtk filechooser allows alternative button order (as used in KDE)
  (bnc#527418)
- translations{,-common} package doesn't provide en-US
- split translations into -common and -other packages (bnc#529180)
-------------------------------------------------------------------
Tue Jul 28 12:59:23 CEST 2009 - wr@rosenauer.org
- fixed wrong %exclude by removing unwanted files at %install stage
-------------------------------------------------------------------
Fri Jul 17 13:48:02 CEST 2009 - wr@rosenauer.org
- major update to 3.0b3
- update enigmail to 0.96pre
- created enigmail subpackage and install to system wide location
  for Thunderbird and SeaMonkey
- define MOZ_APP_LAUNCHER for session management (bmo#453689)
  (mozilla-app-launcher.patch and mozilla.sh.in)
- move opensuse.js prefs to all-opensuse.js prefs to be able
  to override prefs in all-thunderbird.js
- move intl.locale.matchOS to all-opensuse.js
- added mozilla-jemalloc_deepbind.patch to fix various possible
  crashes (bnc#503151, bmo#493541)
-------------------------------------------------------------------
Fri Jun 19 10:35:46 CEST 2009 - coolo@novell.com
- disable as-needed for this package as it fails to build with it
-------------------------------------------------------------------
Tue Jun  2 11:40:59 CEST 2009 - wr@rosenauer.org
- Fixed build issue for gcc 4.4 (mozilla-gcc44.patch)
-------------------------------------------------------------------
Wed Mar 18 14:52:14 CET 2009 - wr@rosenauer.org
- security update to version 2.0.0.21 (bnc#484321)
  * MFSA 2009-07/CVE-2009-0771, CVE-2009-0772, CVE-2009-0773
    CVE-2009-0774:
    Crashes with evidence of memory corruption (rv:1.9.0.7)
  * MFSA 2009-09/CVE-2009-0776:
    XML data theft via RDFXMLDataSource and cross-domain redirect
  * MFSA 2009-10/CVE-2009-0040:
    Upgrade PNG library to fix memory safety hazards
-------------------------------------------------------------------
Fri Jan  2 13:51:19 EST 2009 - hfiguiere@suse.de
- Review and approve changes.
-------------------------------------------------------------------
Wed Dec 31 13:33:22 CET 2008 - wr@rosenauer.org
- security update to version 2.0.0.19 (bnc#455804)
  + MFSA 2008-68/CVE-2008-5511 and CVE-2008-5512: XSS and JavaScript
    privilege escalation
  + MFSA 2008-67/CVE-2008-5510: Escaped null characters ignored by
    CSS parser
  + MFSA 2008-66/CVE-2008-5508: Errors parsing URLs with leading
    whitespace and control characters
  + MFSA 2008-65/CVE-2008-5507: Cross-domain data theft via script
    redirect error message
  + MFSA 2008-64/CVE-2008-5506: XMLHttpRequest 302 response disclosure
  + MFSA 2008-61/CVE-2008-5503: Information stealing via loadBindingDocument
  + MFSA 2008-60/CVE-2008-5500, CVE-2008-5501 and CVE-2008-5502:
    Crashes with evidence of memory corruption (rv:1.9.0.5/1.8.1.19)
- improved mozilla-shared-nss-db.patch and 
  mozilla-system-hunspell.patch to be able to apply them
  unconditionally
-------------------------------------------------------------------
Fri Nov 21 11:26:06 CET 2008 - wr@rosenauer.org
- Add mozilla-shared-nss-db.patch which allows migrating to and
  sharing with other applications using NSS
  (same functionality as in xulrunner/firefox)
  (can be disabled completely exporting MOZ_TB_NO_NSSHELPER=1)
-------------------------------------------------------------------
Thu Nov 20 18:53:35 CST 2008 - maw@suse.de
- Review and approve changes.
-------------------------------------------------------------------
Thu Nov 13 11:02:01 CET 2008 - wr@rosenauer.org
- security update to version 2.0.0.18 (bnc#439841)
  * MFSA 2008-48 / CVE-2008-5012
    Image stealing via canvas and HTTP redirect
  * MFSA 2008-50 / CVE-2008-5014 (bmo#436741)
    Crash and remote code execution via __proto__ tampering
  * MFSA 2008-52 / CVE-2008-5016 / CVE-2008-5017 / CVE-2008-5018
    Crashes with evidence of memory corruption (rv:1.9.0.4/1.8.1.18)
  * MFSA 2008-55 / CVE-2008-5021 (bmo#456896)
    Crash and remote code execution in nsFrameManager
  * MFSA 2008-56 / CVE-2008-5022 (bmo#460002)
    nsXMLHttpRequest::NotifyEventListeners() same-origin violation
  * MFSA 2008-58 / CVE-2008-5024 (bmo#453915)
    Parsing error in E4X default namespace
-------------------------------------------------------------------
Wed Oct 15 10:32:09 CDT 2008 - maw@suse.de
- Review and approve changes.
-------------------------------------------------------------------
Wed Oct  8 09:51:06 CEST 2008 - wr@rosenauer.org
- use system hunspell from 11.0 on (bnc#385739)
- remove more executable bits from non-executable files
-------------------------------------------------------------------
Tue Sep 23 09:42:12 CEST 2008 - wr@rosenauer.org
- security update to version 2.0.0.17 (bnc#429179)
  * MFSA 2008-37 / CVE-2008-0016
    UTF-8 URL stack buffer overflow
  * MFSA 2008-38 / CVE-2008-3835
    nsXMLDocument::OnChannelRedirect() same-origin violation
  * MFSA 2008-41 / CVE-2008-4058 / CVE-2008-4059 / CVE-2008-4060
    Privilege escalation via XPCnativeWrapper pollution
  * MFSA 2008-42 / CVE-2008-4061 / CVE-2008-4062 / CVE-2008-4063
    CVE-2008-4064
    Crashes with evidence of memory corruption
  * MFSA 2008-43 / CVE-2008-4065 / CVE-2008-4066
    BOM characters, low surrogates stripped from JavaScript before
    execution
  * MFSA 2008-44 / CVE-2008-4067 / CVE-2008-4068
    resource: traversal vulnerabilities
  * MFSA 2008-46 / CVE-2008-4070
    Heap overflow when canceling newsgroup message
-------------------------------------------------------------------
Mon Sep 15 13:06:11 CEST 2008 - wr@rosenauer.org
- fixed undefined operation in nsMailboxService.cpp (abuild.patch)
- cleanup spec a bit while merging from OBS/mozilla
  * forwarding old fixes to cups-paper.patch, mozilla.sh.in and
    add-plugins.sh (were fixed long ago in the OBS repo)
-------------------------------------------------------------------
Thu Sep 11 21:34:40 CEST 2008 - mauro@suse.de
- Update to 2.0.0.16 (fixed bnc#417869), fixes: 
  + MFSA 2008-34  Remote code execution by overflowing CSS 
    reference counter
  + MFSA 2008-33 Crash and remote code execution in block reflow
  + MFSA 2008-31 Peer-trusted certs can use alt names to spoof
  + MFSA 2008-29 Faulty .properties file results in uninitialized
    memory being used
  + MFSA 2008-26 Buffer length checks in MIME processing
  + MFSA 2008-25 Arbitrary code execution in 
    mozIJSSubScriptLoader.loadSubScript()
  + MFSA 2008-24 Chrome script loading from fastload file
  + MFSA 2008-21 Crashes with evidence of memory corruption (rv:1.8.1.15)
-------------------------------------------------------------------
Wed Jul 23 18:01:05 CEST 2008 - schwab@suse.de
- Remove unused includes.
-------------------------------------------------------------------
Tue Jun 24 18:43:51 CEST 2008 - maw@suse.de
- Security update to version 2.0.0.14 (bnc#390992):
  + MFSA 2008-15 / CVE-2008-1236 and CVE-2008-1237: Crashes with
    evidence of memory corruption (rv:1.8.1.13)
  + MFSA 2008-14 / CVE-2008-1233, CVE-2008-1234, and CVE-2008-1235:
    JavaScript privilege escalation and arbitrary code execution
- Drop the following patches: thunderbird-2.0.0.14-backports.patch,
  mozilla-missing-decl.patch, and unused-includes.patch
- Respin mozilla-gcc4.3-fixes.patch.  
-------------------------------------------------------------------
Fri May 30 17:27:50 CEST 2008 - maw@suse.de
- Add thunderbird-2.0.0.14-backports.patch (bnc390992).
-------------------------------------------------------------------
Fri May 16 16:59:40 CEST 2008 - schwab@suse.de
- Remove unused includes.
-------------------------------------------------------------------
Mon Mar 24 20:17:09 CET 2008 - maw@suse.de
- Add mozilla-missing-decl.patch, which is necessary when building
  against new versions of mozilla-nss (bmo#399589).
-------------------------------------------------------------------
Fri Mar  7 18:34:42 CET 2008 - maw@suse.de
- Security update to version 2.0.0.12 (bnc#354469) 
  * MFSA 2008-12 Buffer overflow in external MIME bodies
- Replace mozilla-maxpathlen.patch with mozilla-path_len.patch, for
  consistency's sake.
-------------------------------------------------------------------
Thu Jan 17 17:56:04 CET 2008 - maw@suse.de
- Add mozilla-maxpathlen.patch (#354150 and bmo #412610).
-------------------------------------------------------------------
Tue Jan 15 20:36:54 CET 2008 - maw@suse.de
- Merge changes from the build service (thanks, Wolfgang)
- Update to version 2.0.9.9 (MFSA 2007-29)
- Update enigmail to version 0.95.6
- Add a -devel subpackage
- Various fixes to enable building with gcc 4.3.
-------------------------------------------------------------------
Tue Nov 13 17:50:35 CET 2007 - maw@suse.de
- Add thunderbird-gcc4.3-fixes.patch
- Add visibility.patch.
-------------------------------------------------------------------
Thu Sep 13 17:00:36 CEST 2007 - cthiel@suse.de
- recommend gpg instead of requireing a fixed path
-------------------------------------------------------------------
Wed Sep 12 18:25:34 CEST 2007 - maw@suse.de
- Added gpg/pinentry requirements (#309160).
-------------------------------------------------------------------
Tue Sep  4 00:57:26 CEST 2007 - maw@suse.de
- Don't run %fdupes on directories where multiple partitions
  are liable to be mounted.
-------------------------------------------------------------------
Mon Sep  3 17:50:50 CEST 2007 - maw@suse.de
- Merge some changes from the build service (thanks, Wolfgang):
  + Provide locale info (#302288)
  + Update releasedate
- Uncomment %clean.
-------------------------------------------------------------------
Tue Aug 21 18:45:00 CEST 2007 - maw@suse.de
- Use %fdupes.
-------------------------------------------------------------------
Tue Aug 21 18:12:36 CEST 2007 - maw@suse.de
- Merge updates from the build service:
- Update to security release 2.0.0.6:
  * MFSA 2007-26  Privilege escalation through chrome-loaded 
    about:blank windows
  * MFSA 2007-27  Unescaped URIs passed to external programs
- Update enigmail to version 0.95.3.
-------------------------------------------------------------------
Wed Aug 15 15:04:09 CEST 2007 - maw@suse.de
- On x86_64, s390, and s390x, deactivate the hidden visibility
  support, thereby fixing the build.
-------------------------------------------------------------------
Wed Jul 25 21:52:23 CEST 2007 - maw@suse.de
- Security update to version 2.0.0.5 (#288115)
- This new release has fixes for:
MFSA 2007-18
    CVE-2007-3734 - Browser flaws
    CVE-2007-3735 - Javascript flaws
MFSA 2007-19
    CVE-2007-3736
MFSA 2007-20
    CVE-2007-3089
MFSA 2007-21
    CVE-2007-3737
MFSA 2007-22
    CVE-2007-3285
MFSA 2007-23
    CVE-2007-3670
MFSA 2007-24
    CVE-2007-3656
MFSA 2007-25
    CVE-2007-3738
- Update to enigmail 0.95.2.
-------------------------------------------------------------------
Thu Jun 21 17:23:18 CEST 2007 - adrian@suse.de
- fix changelog entry order
-------------------------------------------------------------------
Fri Jun 15 18:09:28 CDT 2007 - maw@suse.de
- Merge update to 2.0.0.4 from the build service (thanks, Wolfgang)
- Remove some commented out stuff.
-------------------------------------------------------------------
Wed Jun 13 23:00:38 CEST 2007 - wr@rosenauer.org
- update to maintenance release 2.0.0.4
- update enigmail to 0.95.1
- adopted patches:
  * fixed cups-paper.patch (copied from FF)
  * removed obsolete visibility.patch
-------------------------------------------------------------------
Tue Jun 12 11:53:55 CDT 2007 - maw@suse.de
- Merge chagnges from the build service (thanks, Wolfgang)
- Now use l10n-%{version}.tar.bz2 instead of l10n.tar.bz2 as
  before.
-------------------------------------------------------------------
Tue Jun  5 18:20:13 CEST 2007 - maw@suse.de
- Security update to version 1.5.0.12 (#271197). 
-------------------------------------------------------------------
Tue Jun  5 15:55:08 CEST 2007 - sbrabec@suse.cz
- Removed invalid desktop category "Application" (#254654).
-------------------------------------------------------------------
Thu Apr 19 07:15:36 CEST 2007 - wr@rosenauer.org
- update to final version 2.0.0.0
  (http://www.mozilla.com/en-US/thunderbird/2.0.0.0/releasenotes/)
- update enigmail to 0.95.0
-------------------------------------------------------------------
Wed Apr 18 14:16:44 CEST 2007 - mfabian@suse.de
- add Japanese to the languages which get PANGO enabled in the
  start script to support the Japanese combining characters
  U+3099 U+309A (see bugzilla #262718 comment #29).
-------------------------------------------------------------------
Thu Apr 12 16:35:43 CEST 2007 - wr@rosenauer.org
- update to 2.0.0.0rc1
- enabled translations package
-------------------------------------------------------------------
Fri Mar 30 11:35:01 CEST 2007 - wr@rosenauer.org
- update to snapshot 2.0.0.0pre-20070329
- security update enigmail 0.94.3
  (Bugtraq #22758)
-------------------------------------------------------------------
Fri Mar 30 10:35:03 CEST 2007 - meissner@suse.de
- require unzip
-------------------------------------------------------------------
Tue Mar 13 08:36:31 CET 2007 - wr@rosenauer.org
- update to snapshot 2.0pre-20060312
- removed implicit NSS version dependency
-------------------------------------------------------------------
Thu Mar  8 15:56:56 CET 2007 - meissner@suse.de
- Upgraded to 1.5.0.10 security release.
- Upgraded to enigmail 0.94.2.
-------------------------------------------------------------------
Thu Feb 15 19:47:56 CET 2007 - wr@rosenauer.org
- update to snapshot 2.0beta2-20060214
- fixed build on SLES9
-------------------------------------------------------------------
Mon Feb  5 18:56:14 CET 2007 - wr@rosenauer.org
- fixed check in add-plugins.sh (#242237)
-------------------------------------------------------------------
Tue Jan 30 10:50:51 CST 2007 - maw@suse.de
- Add thunderbird-1.5.0.8-uninitalized-vars-232305.patch (#232305).
-------------------------------------------------------------------
Thu Jan 18 17:59:26 CST 2007 - maw@suse.de
- Add undefined-ops.patch, silencing some warnings.
-------------------------------------------------------------------
Thu Nov  9 01:41:19 CET 2006 - jhargadon@suse.de
- security update to version 1.5.0.8 
-------------------------------------------------------------------
Tue Sep 12 20:51:58 CEST 2006 - stark@suse.de
- security update to version 1.5.0.7
-------------------------------------------------------------------
Mon Aug 14 11:37:46 CEST 2006 - stark@suse.de
- update enigmail to 0.94.1
  * Added support for signing attachments with inline-PGP
- update mailredirect to 0.7.4
- added backend patch to allow replies to list with
  ReplyToListThunderbirdExtension (#199125, bmo #45715)
- added mailnews.clobber_list_reply pref which switches
  "Reply All" to "Reply List" functionality if set
-------------------------------------------------------------------
Thu Jul 27 06:50:44 CEST 2006 - stark@suse.de
- security update to version 1.5.0.5 (#195043)
- fixed overwrite confirmation for GTK filesaver (#179531)
-------------------------------------------------------------------
Wed Jun  7 19:52:37 CEST 2006 - stark@suse.de
- fixed up BuildRequires
-------------------------------------------------------------------
Fri Jun  2 12:18:49 CEST 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
-------------------------------------------------------------------
Fri Jun  2 12:13:48 CEST 2006 - stark@suse.de
- update to security/stability release 1.5.0.4 (#179011)
  (http://www.mozilla.org/projects/security/known-vulnerabilities.html#Thunderbird)
-------------------------------------------------------------------
Mon May 15 07:16:13 CEST 2006 - stark@suse.de
- update to version 1.5.0.2
- update mailredirect to 0.7.3
- save printer settings properly (#174082, bmo #324072)
- improved postscript output (bmo #334485)
- changed defaults for printer properties (#6534)
- get available paper sizes from CUPS (#65482)
-------------------------------------------------------------------
Sat Mar 18 22:23:49 CET 2006 - stark@suse.de
- translations package is suggested now by main package
- yet another set of upstream fixes (#148876)
-------------------------------------------------------------------
Sun Mar 12 19:52:08 CET 2006 - stark@suse.de
- added Khmer (km-*) to pango locales (#157397)
- yet another set of upstream fixes (#148876)
-------------------------------------------------------------------
Sat Mar  4 21:27:42 CET 2006 - stark@suse.de
- latest security fixes from upstream (#148876)
- show multiple Reply-To addresses (bmo #106189)
-------------------------------------------------------------------
Fri Feb 24 09:00:40 CET 2006 - stark@suse.de
- added GTK category to desktop-file
- dumpstack.patch is in upstream patches now
- get some more patches (#148876)
-------------------------------------------------------------------
Tue Feb 14 07:28:48 CET 2006 - stark@suse.de
- applied set of security patches (#148876)
-------------------------------------------------------------------
Tue Feb  7 20:09:32 CET 2006 - stark@suse.de
- fixed disabling of Pango (#148788)
-------------------------------------------------------------------
Thu Feb  2 21:50:18 CET 2006 - stark@suse.de
- defined gssapi lib explicitely (#147670)
-------------------------------------------------------------------
Wed Feb  1 17:34:34 CET 2006 - stark@suse.de
- removed additional CA certs from builtin NSS
- make it possible to choose $HOME as download directory
  (#144894, bmo #300856)
- cleaned up BuildRequires
-------------------------------------------------------------------
Wed Jan 25 21:33:47 CET 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
-------------------------------------------------------------------
Mon Jan 23 08:39:32 CET 2006 - stark@suse.de
- disable Pango if MOZ_ENABLE_PANGO is not set
  and no typical language which needs Pango is used (#143428)
- preload libaoss for plugin sound (#117079)
- fix to ignore X composite extension (#135373)
-------------------------------------------------------------------
Wed Jan 18 09:38:18 CET 2006 - stark@suse.de
- added default (font) settings
- tweak useragent
- fixed DumpStackToFile() for glibc 2.4
-------------------------------------------------------------------
Thu Jan 12 10:35:03 CET 2006 - stark@suse.de
- update to 1.5 (20060111)
- added sytem extensions patch
- added XUL filechooser patch (MOZ_XUL_PICKER)
- update enigmail to 0.94.0
- use -fstack-protector where available
- use system NSS since CODE10
-------------------------------------------------------------------
Wed Dec 28 08:35:38 CET 2005 - stark@suse.de
- update to 1.5rc2 (20051227)
-------------------------------------------------------------------
Sun Dec 11 08:16:01 CET 2005 - stark@suse.de
- update to 1.5 (20051211)
- update enigmail to 0.93.2
-------------------------------------------------------------------
Tue Nov 29 09:53:05 CET 2005 - stark@suse.de
- update enigmail to 0.93.1
- added patch for GTK2 handling (#134831)
-------------------------------------------------------------------
Fri Nov 25 10:29:26 CET 2005 - stark@suse.de
- update to 1.5 (20051124)
-------------------------------------------------------------------
Fri Oct 28 06:47:11 CEST 2005 - stark@suse.de
- update to latest 1.5 snapshot (20051027)
- added patch to be able to reply to and forward rfc822 messages
  (bmo #204350)
- again don't provide and require NSS stuff
- removed disable-gconf patch (no registration needed in build 
  process anymore)
- added mailredirect extension
- removed update functionality
-------------------------------------------------------------------
Mon Oct 10 21:50:36 CEST 2005 - stark@suse.de
- update to 1.5b2 (20051008)
- preinstall Enigmail (version 0.93.0) as global extension
- add all supported locales and use if installed
-------------------------------------------------------------------
Tue Oct  4 09:32:11 CEST 2005 - stark@suse.de
- update to 1.5b2 (20051003) (RPM version 1.4.1)
- prerequire NSPR
- prepared translations subpackage
- fixed filelist
- fixed build with new gcc
-------------------------------------------------------------------
Wed Sep 21 14:32:28 CEST 2005 - stark@suse.de
- update to 1.5b1 (20050920)
- added spellchecker integration with myspell (add-plugins.sh)
- removed aviary-install-global patch (not needed anymore, with
  new EM)
- enabled pango font rendering (through cairo hopefully)
- fixed GNOME gconf registration (#117851)
-------------------------------------------------------------------
Sat Aug 20 20:33:10 CEST 2005 - stark@suse.de
- workaround for linking with pangoxft and pangox
  (broken by gtk 2.8 update) (#105764)
-------------------------------------------------------------------
Thu Aug 18 08:48:17 CEST 2005 - stark@suse.de
- fixed Gdk-WARNING at startup (gtk.patch)
- fixed regression in profile locking change (bmo #303633)
- fixed crash with gtk 2.7 (bmo #300226, bnc #104586)
-------------------------------------------------------------------
Wed Aug  3 07:23:50 CEST 2005 - stark@suse.de
- fixed profile locking (bmo #151188) 
-------------------------------------------------------------------
Fri Jul 29 07:06:57 CEST 2005 - stark@suse.de
- don't require and provide NSS libs (#98002)
-------------------------------------------------------------------
Fri Jul 22 11:00:05 CEST 2005 - stark@suse.de
- fixed printing patch
-------------------------------------------------------------------
Tue Jul 19 10:45:22 CEST 2005 - stark@suse.de
- added NSPR to PreReq 
- disable stripping in specfile
-------------------------------------------------------------------
Fri Jul 15 07:01:45 CEST 2005 - stark@suse.de
- update to 1.0.6 which restores API compatibility
- fixed width calculation in Postscript module (bmo #290292)
-------------------------------------------------------------------
Thu Jul 14 12:29:41 CEST 2005 - stark@suse.de
- fixed filelist to include icon-file and startscript again
-------------------------------------------------------------------
Tue Jul 12 06:28:21 CEST 2005 - stark@suse.de
- fixed remote usage behaviour in start script (bnc #41903)
- update to 1.0.5 security release 
- fixed quoting patch
- moved desktop file to a Gnome independent location
- don't strip explicitely
- use RPM_OPT_FLAGS for NSS component
- fixed implicit declarations and uninitialized used variables
-------------------------------------------------------------------
Thu Apr 28 10:45:51 CEST 2005 - stark@suse.de
- updated to current 1.0 branch version
- use static NSPR from other location
-------------------------------------------------------------------
Sat Apr 23 23:13:52 CEST 2005 - stark@suse.de
- activate usage of system NSPR for distributions after 9.3
- add patch to be able to use systen NSPR at all
- extended desktop file
-------------------------------------------------------------------
Fri Apr 22 12:48:13 CEST 2005 - ro@suse.de
- apply mozilla-gcc4.patch 
-------------------------------------------------------------------
Wed Mar 23 08:28:57 CET 2005 - stark@suse.de
- update to 1.0.2 
- use system NSPR on SUSE releases after 9.3
- made startscript PIS aware
- set g-application-name correctly (bmo #281979)
-------------------------------------------------------------------
Mon Mar  7 21:27:33 CET 2005 - stark@suse.de
- don't use gconfd in registration phase (#66381) 
-------------------------------------------------------------------
Fri Feb 25 18:03:31 CET 2005 - stark@suse.de
- update to version 1.0.1
-------------------------------------------------------------------
Tue Feb 22 21:59:53 CET 2005 - stark@suse.de
- added patch to create Postscript level 2 (instead of 3)
  (special thanks to Jungshik Shin)
- disabled freetype explicitly to be able to use the above patch
  (freetype wasn't used anymore since some time anyway)
-------------------------------------------------------------------
Wed Feb  2 14:02:34 CET 2005 - stark@suse.de
- added a JS crasher fix (bmc #268535) 
-------------------------------------------------------------------
Sat Jan 22 13:17:37 CET 2005 - stark@suse.de
- added some backported bugfixes
-------------------------------------------------------------------
Tue Dec  7 10:26:15 CET 2004 - stark@suse.de
- update to 1.0 
- fixed extra lines in replies (bmo #144998)
- fixed build on s390/s390x
-------------------------------------------------------------------
Wed Nov 24 07:16:17 CET 2004 - stark@suse.de
- update to 20041123 snapshot
- inherit downloadFolder patch from Firefox
-------------------------------------------------------------------
Fri Nov 12 10:58:46 CET 2004 - stark@suse.de
- fixed chrome filelist
-------------------------------------------------------------------
Thu Nov  4 08:12:51 CET 2004 - stark@suse.de
- update to 0.9
- sync patch-set with firefox base
- fixed neededforbuild to get GNOME functionalities
-------------------------------------------------------------------
Fri Sep 17 10:30:36 CEST 2004 - stark@suse.de
- added some missing fixes for official release 
- synced add-plugins.sh
-------------------------------------------------------------------
Sat Sep 11 13:47:50 CEST 2004 - stark@suse.de
- update to official 0.8 version (20040911) 
- fixed enigmail config
-------------------------------------------------------------------
Mon Sep  6 08:58:08 CEST 2004 - stark@suse.de
- fixed profile directory 
-------------------------------------------------------------------
Fri Sep  3 21:50:19 CEST 2004 - stark@suse.de
- update to thunderbird 0.8 (20040903)
- update enigmail to 0.86.0 and ipc to 1.0.8 (deactivated)
-------------------------------------------------------------------
Tue Aug 24 08:09:42 CEST 2004 - stark@suse.de
- update to thunderbird 0.7.3
- update enigmail to 0.85.0 and ipc to 1.0.7
-------------------------------------------------------------------
Tue Jun 29 11:31:39 CEST 2004 - stark@suse.de
- update to thunderbird 0.7.1
- update enigmail to 0.84.1
-------------------------------------------------------------------
Wed May 12 18:16:28 CEST 2004 - ro@suse.de
- add some missing return values
-------------------------------------------------------------------
Mon May  3 13:16:26 CEST 2004 - stark@suse.de
- update to Thunderbird 0.6 (based on 1.7rc1) 
- use official branding for release builds
- added desktop-icon (#39139)
-------------------------------------------------------------------
Fri Apr  2 10:32:00 CEST 2004 - stark@suse.de
- removing relocation of TEMP directory (#34391) 
-------------------------------------------------------------------
Fri Mar 26 18:09:27 CET 2004 - uli@suse.de
- fixed hang during build on s390* (bug #35440)
-------------------------------------------------------------------
Sun Mar  7 23:19:54 CET 2004 - ro@suse.de
- match function declaration in enigmail mimedummy.cpp
-------------------------------------------------------------------
Fri Mar  5 07:00:23 CET 2004 - stark@suse.de
- more fixes for #35179
- added firefox as default handler for its protocols
- update enigmail to 0.83.4
-------------------------------------------------------------------
Wed Mar  3 06:52:35 CET 2004 - stark@suse.de
- removed unused patches for GTK2 build 
-------------------------------------------------------------------
Sun Feb 29 14:35:02 CET 2004 - stark@suse.de
- improved start-script to interact with firefox and mozilla
  (#35179) 
-------------------------------------------------------------------
Fri Feb 27 06:50:16 CET 2004 - stark@suse.de
- update to 0.5
- spec-file cleanup 
-------------------------------------------------------------------
Wed Oct 15 17:08:01 CEST 2003 - stark@suse.de
- update to 0.3 (sync with mozilla 1.5) 
-------------------------------------------------------------------
Tue Jul 15 09:18:45 CEST 2003 - stark@suse.de
- initial package (snapshot 20030714)