Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

MozillaThunderbird-102.10.1-150200.8.113.2 RPM for x86_64

From OpenSuSE Leap 15.5 for x86_64

Name: MozillaThunderbird Distribution: SUSE Linux Enterprise 15
Version: 102.10.1 Vendor: SUSE LLC <https://www.suse.com/>
Release: 150200.8.113.2 Build date: Thu Apr 27 00:30:44 2023
Group: Productivity/Networking/Email/Clients Build host: sheep92
Size: 242627617 Source RPM: MozillaThunderbird-102.10.1-150200.8.113.2.src.rpm
Packager: https://www.suse.com/
Url: https://www.thunderbird.net/
Summary: An integrated email, news feeds, chat, and newsgroups client
Thunderbird is a free, open-source, cross-platform application for
managing email, news feeds, chat, and news groups. It is a local
(rather than browser- or web-based) email application that is powerful
yet easy to use.

Provides

Requires

License

MPL-2.0

Changelog

* Wed Apr 26 2023 martin.sirringhaus@suse.com
  - Mozilla Thunderbird 102.10.1
    * fixed: Messages with missing or corrupt "From:" header did
      not display message header buttons (bmo#1793918)
    * fixed: Composer repeatedly prompted for S/MIME smartcard
      signing/encryption password (bmo#1828366)
    * fixed: Address Book integration did not work with macOS 11.4
      Bug Sur (bmo#1720257)
    * fixed: Mexico City DST fix in Thunderbird 102.10.0 (bug
      1826146) was incomplete (bmo#1827503)
  - Mozilla Thunderbird 102.10
    * changed: New messages will automatically select S/MIME if
      configured and OpenPGP is not (bmo#1793278)
    * fixed: Calendar events with timezone America/Mexico_City
      incorrectly applied Daylight Savings Time (bmo#1826146)
    * fixed: Security fixes
    MFSA 2023-15 (bsc#1210212)
    * CVE-2023-29531 (bmo#1794292)
      Out-of-bound memory access in WebGL on macOS
    * CVE-2023-29532 (bmo#1806394)
      Mozilla Maintenance Service Write-lock bypass
    * CVE-2023-29533 (bmo#1798219, bmo#1814597)
      Fullscreen notification obscured
    * CVE-2023-1999 (bmo#1819244)
      Double-free in libwebp
    * CVE-2023-29535 (bmo#1820543)
      Potential Memory Corruption following Garbage Collector
      compaction
    * CVE-2023-29536 (bmo#1821959)
      Invalid free from JavaScript code
    * CVE-2023-0547 (bmo#1811298)
      Revocation status of S/Mime recipient certificates was not
      checked
    * CVE-2023-29479 (bmo#1824978)
      Hang when processing certain OpenPGP messages
    * CVE-2023-29539 (bmo#1784348)
      Content-Disposition filename truncation leads to Reflected
      File Download
    * CVE-2023-29541 (bmo#1810191)
      Files with malicious extensions could have been downloaded
      unsafely on Linux
    * CVE-2023-29542 (bmo#1810793, bmo#1815062)
      Bypass of file download extension restrictions
    * CVE-2023-29545 (bmo#1823077)
      Windows Save As dialog resolved environment variables
    * CVE-2023-1945 (bmo#1777588)
      Memory Corruption in Safe Browsing Code
    * CVE-2023-29548 (bmo#1822754)
      Incorrect optimization result on ARM64
    * CVE-2023-29550 (bmo#1720594, bmo#1751945, bmo#1812498,
      bmo#1814217, bmo#1818357, bmo#1818762, bmo#1819493,
      bmo#1820389, bmo#1820602, bmo#1821448, bmo#1822413,
      bmo#1824828)
      Memory safety bugs fixed in Thunderbird 102.10
* Thu Mar 30 2023 martin.sirringhaus@suse.com
  - Mozilla Thunderbird 102.9.1
    * fixed: Thunderbird was unable to open file URLs from command
      line (URLs beginning with "file://") (bmo#1816343)
    * fixed: Source strings for localized builds not uploaded to
      FTP as expected (bmo#1817086)
    * fixed: Visual and theme improvements
      (bmo#1821358,bmo#1822286)
    * fixed: Security fixes
    MFSA 2023-12 (bsc#1209953)
    * CVE-2023-28427 (bmo#1822595)
      Matrix SDK bundled with Thunderbird vulnerable to denial-of-
      service attack
* Mon Mar 20 2023 martin.sirringhaus@suse.com
  - Mozilla Thunderbird 102.9
    * fixed: Notification about a sender's changed OpenPGP key was
      not immediately visible (bmo#1814003)
    * fixed: TLS Certificate Override dialog did not appear when
      retrieving messages via IMAP using "Get Messages" context
      menu (bmo#1816596)
    * fixed: Spellcheck dictionaries were missing from localized
      Thunderbird builds that should have included them
      (bmo#1818257)
    * fixed: Tooltips for "Show/Hide" calendar toggle did not
      display (bmo#1809557)
    * fixed: Various security fixes
    MFSA 2023-11 (bsc#1209173)
    * CVE-2023-25751 (bmo#1814899)
      Incorrect code generation during JIT compilation
    * CVE-2023-28164 (bmo#1809122)
      URL being dragged from a removed cross-origin iframe into the
      same tab triggered navigation
    * CVE-2023-28162 (bmo#1811327)
      Invalid downcast in Worklets
    * CVE-2023-25752 (bmo#1811627)
      Potential out-of-bounds when accessing throttled streams
    * CVE-2023-28163 (bmo#1817768)
      Windows Save As dialog resolved environment variables
    * CVE-2023-28176 (bmo#1808352, bmo#1811637, bmo#1815904,
      bmo#1817442, bmo#1818674)
      Memory safety bugs fixed in Thunderbird 102.9
* Thu Feb 16 2023 martin.sirringhaus@suse.com
  - Mozilla Thunderbird 102.8.0
    * new: Added option to build RNP library with OpenSSL backend
      (use "--with-librnp-backend=openssl" configure option)
      (bmo#1799123,bmo#1805215)
    * changed: Thunderbird now warns user that OpenPGP is disabled
      if RNP library is outdated or missing (bmo#1799874)
    * fixed: "Get Messages" did not retrieve messages from Gmail
      accounts using a local folder as a deferred inbox
      (bmo#1799106)
    * fixed: Various visual and UX improvements
      (bmo#1777788,bmo#1790278)
    * unresolved: Source strings for localized builds not uploaded
      to FTP as expected (bmo#1817086)
    * fixed: Various security fixes
    MFSA 2023-07 (bsc#1208144)
    * CVE-2023-0616 (bmo#1806507)
      User Interface lockup with messages combining S/MIME and
      OpenPGP
    * CVE-2023-25728 (bmo#1790345)
      Content security policy leak in violation reports using
      iframes
    * CVE-2023-25730 (bmo#1794622)
      Screen hijack via browser fullscreen mode
    * CVE-2023-0767 (bmo#1804640)
      Arbitrary memory write via PKCS 12 in NSS
    * CVE-2023-25735 (bmo#1810711)
      Potential use-after-free from compartment mismatch in
      SpiderMonkey
    * CVE-2023-25737 (bmo#1811464)
      Invalid downcast in SVGUtils::SetupStrokeGeometry
    * CVE-2023-25738 (bmo#1811852)
      Printing on Windows could potentially crash Thunderbird with
      some device drivers
    * CVE-2023-25739 (bmo#1811939)
      Use-after-free in
      mozilla::dom::ScriptLoadContext::~ScriptLoadContext
    * CVE-2023-25729 (bmo#1792138)
      Extensions could have opened external schemes without user
      knowledge
    * CVE-2023-25732 (bmo#1804564)
      Out of bounds memory write from EncodeInputStream
    * CVE-2023-25734 (bmo#1784451, bmo#1809923, bmo#1810143,
      bmo#1812338)
      Opening local .url files could cause unexpected network loads
    * CVE-2023-25742 (bmo#1813424)
      Web Crypto ImportKey crashes tab
    * CVE-2023-25746 (bmo#1544127, bmo#1762368, bmo#1789449,
      bmo#1803628, bmo#1810536)
      Memory safety bugs fixed in Thunderbird 102.8
* Wed Feb 08 2023 martin.sirringhaus@suse.com
  - Mozilla Thunderbird 102.7.2
    * fixed: Various crash fixes (bmo#1806245,bmo#1806247)
* Fri Jan 20 2023 martin.sirringhaus@suse.com
  - Mozilla Thunderbird 102.7.1
    * fixed: Microsoft Office 365 accounts were unable to
      authenticate (bmo#1810760)
    * fixed: Switching identities caused remote images in HTML
      signatures to not be shown (bmo#1807200)
    * fixed: Thunderbird failed to import vCards that contained
      "\r\r\n" line endings (bmo#1800305)
    * fixed: Contribution button for add-ons opened Contribution
      page in a Thunderbird tab, instead of the external browser
      (bmo#1805808)
    * fixed: XMPP did not respond to unrecognized IQ queries,
      causing some servers to close the connection (bmo#1806630)
    * fixed: Window titlebar buttons (minimize/maximize/close) were
      not displayed in Windows 10 "Dark" color mode (bmo#1810961)
    * fixed: Various security fixes
    MFSA 2023-04 (bsc#1207119)
    * CVE-2023-0430 (bmo#1769000)
      Revocation status of S/Mime signature certificates was not
      checked
  - Mozilla Thunderbird 102.7
    * new: Enterprise policies now support Thunderbird-specific
      preferences (bmo#1791637)
    * fixed: Localized builds and langpacks now use "comm-l10n"
      repository; downstream builds using official langpacks should
      not need to make changes
      (bmo#1765629,bmo#1766080,bmo#1801150,bmo#1807161)
    * fixed: Having too many folders open at startup caused loss of
      MSF files (bmo#1800202)
    * fixed: Copying an email from one local folder to another
      local folder sometimes caused "Another Operation is using the
      folder" error on Windows 7 (bmo#1792071)
    * fixed: Email address pill allowed for incorrectly formatted
      email addresses (bmo#1799390)
    * fixed: Creating security exceptions for messages sent using a
      self-signed certificate failed if hostname contained
      uppercase letters (bmo#1735803)
    * fixed: S/MIME certificate verification was prohibitively slow
      (bmo#1791130)
    * fixed: OpenPGP key import failed for key blocks with comments
      that contain Unicode characters (bmo#1721668)
    * fixed: Chat conversation sidebar was too wide under certain
      circumstances, making scrollbar unusable (bmo#1801645)
    * fixed: On Mac, deleting events from Today Pane with
      "Backspace" key deleted selected messages instead
      (bmo#1763468)
    * fixed: Various security fixes
    * unresolved: OAuth2 authentication not working for Microsoft
      365 Enterprise accounts. See the Blog post for additional information.
      (bmo#1810760)
    MFSA 2023-03 (bsc#1207119)
    * CVE-2022-46871 (bmo#1795697)
      libusrsctp library out of date
    * CVE-2023-23598 (bmo#1800425)
      Arbitrary file read from GTK drag and drop on Linux
    * CVE-2023-23599 (bmo#1777800)
      Malicious command could be hidden in devtools output on
      Windows
    * CVE-2023-23601 (bmo#1794268)
      URL being dragged from cross-origin iframe into same tab
      triggers navigation
    * CVE-2023-23602 (bmo#1800890)
      Content Security Policy wasn't being correctly applied to
      WebSockets in WebWorkers
    * CVE-2022-46877 (bmo#1795139)
      Fullscreen notification bypass
    * CVE-2023-23603 (bmo#1800832)
      Calls to <code>console.log</code> allowed bypasing Content
      Security Policy via format directive
    * CVE-2023-23605 (bmo#1764921, bmo#1802690, bmo#1806974)
      Memory safety bugs fixed in Thunderbird 102.7
* Fri Dec 23 2022 martin.sirringhaus@suse.com
  - Mozilla Thunderbird 102.6.1
    * fixed: Remote content did not load in user-defined signatures
      (bmo#1803942)
    * fixed: Addons that added new action buttons were not shown
      for addon upgrades, requiring removal and reinstall
      (bmo#1793430)
    * fixed: Various stability improvements
      (bmo#1798181,bmo#1797616)
    * fixed: Security fix
    MFSA 2022-53 (bsc#1206653)
    * CVE-2022-46874 (bmo#1746139)
      Drag and Dropped Filenames could have been truncated to
      malicious extensions
* Tue Dec 13 2022 martin.sirringhaus@suse.com
  - Mozilla Thunderbird 102.6
    * fixed: Importing secret OpenPGP keys failed when public key
      with public subkey was already present (bmo#1795698)
    * fixed: Message index files were incorrectly deleted when too
      many folders were opened (bmo#1787609)
    * fixed: Thunderbird sometimes incorrectly formatted synced
      vCards (bmo#1792542)
    * fixed: Recurring events did not display past a certain number
      of repetitions (bmo#1789437)
    * fixed: Cookies deleted from the "Show Cookies" dialog were
      not actually deleted (bmo#1803795)
    * fixed: Paused RSS feeds did not actually pause updates
      (bmo#1789120)
    * fixed: Various visual and UX improvements
      (bmo#1800189,bmo#1800537,bmo#1801080)
    MFSA 2022-52 (bsc#1206242)
    * CVE-2022-46880 (bmo#1749292)
      Use-after-free in WebGL
    * CVE-2022-46872 (bmo#1799156)
      Arbitrary file read from a compromised content process
    * CVE-2022-46881 (bmo#1770930)
      Memory corruption in WebGL
    * CVE-2022-46874 (bmo#1746139)
      Drag and Dropped Filenames could have been truncated to
      malicious extensions
    * CVE-2022-46875 (bmo#1786188)
      Download Protections were bypassed by .atloc and .ftploc
      files on Mac OS
    * CVE-2022-46882 (bmo#1789371)
      Use-after-free in WebGL
    * CVE-2022-46878 (bmo#1782219, bmo#1797370, bmo#1797685,
      bmo#1801102, bmo#1801315, bmo#1802395)
      Memory safety bugs fixed in Thunderbird 102.6
* Fri Dec 02 2022 martin.sirringhaus@suse.com
  - Mozilla Thunderbird 102.5.1
    * changed: Mail extension API updates. See Mail Extension API
      Docs.
    * fixed: "Copy to <folder> again" menu item was not present
      after copying message to folder with Unicode name on Unicode-
      enabled IMAP server (bmo#1798172)
    * fixed: Calendar date picker was displayed behind "Send Later"
      window (bmo#1791537)
    * fixed: Various security fixes
    MFSA 2022-50 (bsc#1205941)
    * CVE-2022-45414 (bmo#1788096)
      Quoting from an HTML email with certain tags will trigger
      network requests and load remote content, regardless of a
      configuration to block remote content
* Wed Nov 16 2022 martin.sirringhaus@suse.com
  - Mozilla Thunderbird 102.5
    * changed: `Ctrl+N` shortcut to create new contacts from
      address book restored (bmo#1751288)
    * fixed: Account Settings UI did not update to reflect default
      identity changes (bmo#1782646)
    * fixed: New POP mail notifications were incorrectly shown for
      messages marked by filters as read or junk (bmo#1787531)
    * fixed: Connecting to an IMAP server configured to use
      `PREAUTH` caused Thunderbird to hang (bmo#1798161)
    * fixed: Error responses received in greeting header from NNTP
      servers did not display error message (bmo#1792281)
    * fixed: News messages sent using "Send Later" failed to send
      after going back online (bmo#1794997)
    * fixed: "Download/Sync Now..." did not completely sync all
      newsgroups before going offline (bmo#1795547)
    * fixed: Username was missing from error dialog on failed login
      to news server (bmo#1796964)
    * fixed: Thunderbird can now fetch RSS channel feeds with
      incomplete channel URL (bmo#1794775)
    * fixed: Add-on "Contribute" button in Add-ons Manager did not
      work (bmo#1795751)
    * fixed: Help text for `/part` Matrix command was incorrect
      (bmo#1795578)
    * fixed: Invite Attendees dialog did not fetch free/busy info
      for attendees with encoded characters in their name
      (bmo#1797927)
    * fixed: Various security fixes
    MFSA 2022-49 (bsc#1205270)
    * CVE-2022-45403 (bmo#1762078)
      Service Workers might have learned size of cross-origin media
      files
    * CVE-2022-45404 (bmo#1790815)
      Fullscreen notification bypass
    * CVE-2022-45405 (bmo#1791314)
      Use-after-free in InputStream implementation
    * CVE-2022-45406 (bmo#1791975)
      Use-after-free of a JavaScript Realm
    * CVE-2022-45408 (bmo#1793829)
      Fullscreen notification bypass via windowName
    * CVE-2022-45409 (bmo#1796901)
      Use-after-free in Garbage Collection
    * CVE-2022-45410 (bmo#1658869)
      ServiceWorker-intercepted requests bypassed SameSite cookie
      policy
    * CVE-2022-45411 (bmo#1790311)
      Cross-Site Tracing was possible via non-standard override
      headers
    * CVE-2022-45412 (bmo#1791029)
      Symlinks may resolve to partially uninitialized buffers
    * CVE-2022-45416 (bmo#1793676)
      Keystroke Side-Channel Leakage
    * CVE-2022-45418 (bmo#1795815)
      Custom mouse cursor could have been drawn over browser UI
    * CVE-2022-45420 (bmo#1792643)
      Iframe contents could be rendered outside the iframe
    * CVE-2022-45421 (bmo#1767920, bmo#1789808, bmo#1794061)
      Memory safety bugs fixed in Thunderbird 102.5
* Fri Nov 04 2022 martin.sirringhaus@suse.com
  - Mozilla Thunderbird 102.4.2
    * changed: "Address Book" button in Account Central will now
      create a CardDAV address book instead of a local address book
      (bmo#1793903)
    * fixed: Messages fetched from POP server in `Fetch headers
      only` mode disappeared when moved to different folder by
      filter action (bmo#1793374)
    * fixed: Thunderbird re-downloaded locally deleted messages
      from a POP server when "Leave messages on server" and "Until
      I delete them" were enabled (bmo#1796903)
    * fixed: Multiple password prompts for the same POP account
      could be displayed (bmo#1786920)
    * fixed: IMAP authentication failed on next startup if ImapMail
      folder was deleted by user (bmo#1793599)
    * fixed: Retrieving passwords for authenticated NNTP accounts
      could fail due to obsolete preferences in a users profile on
      every startup (bmo#1770594)
    * fixed: `Get Next n Messages` did not consistently fetch all
      messages requested from NNTP server (bmo#1794185)
    * fixed: `Get Messages` button unable to fetch messages from
      NNTP server if root folder not selected (bmo#1792362)
    * fixed: Thunderbird text branding did not always match locale
      of localized build (bmo#1786199)
    * fixed: Thunderbird installer and Thunderbird updater created
      Windows shortcuts with different names (bmo#1787264)
    * fixed: LDAP search filters unable to work with non-ASCII
      characters (bmo#1794306)
    * fixed: "Today" highlighting in Calendar Month view did not
      update after date change at midnight (bmo#1795176)
* Wed Nov 02 2022 martin.sirringhaus@suse.com
  - Mozilla Thunderbird 102.4.1
    * new: Thunderbird will now catch and report errors parsing
      vCards that contain incorrectly formatted dates (bmo#1793415)
    * fixed: Dynamic language switching did not update interface
      when switched to right-to-left languages (bmo#1794289)
    * fixed: Custom header data was discarded after messages were
      saved as draft and reopened (bmo#195716)
    * fixed: `-remote` command line argument did not work,
      affecting integration with various applications such as
      LibreOffice (bmo#1793323)
    * fixed: Messages received via some SMS-to-email services could
      not display images (bmo#1774805)
    * fixed: VCards with nickname field set could not be edited
      (bmo#1793877)
    * fixed: Some recurring events were missing from Agenda on
      first load (bmo#1771168)
    * fixed: Download requests for remote ICS calendars incorrectly
      set "Accept" header to text/xml (bmo#1793757)
    * fixed: Monthly events created on the 31st of a month with <30
      days placed first occurrence 1-2 days after the beginning of
      the following month (bmo#1266797)
    * fixed: Various visual and UX improvements
      (bmo#1781437,bmo#1785314,bmo#1794139,bmo#1794155,bmo#1794399)
* Tue Oct 18 2022 martin.sirringhaus@suse.com
  - Mozilla Thunderbird 102.4.0
    * changed: Thunderbird will automatically detect and repair
      OpenPGP key storage corruption caused by using the profile
      import tool in Thunderbird 102 (bmo#1790610)
    * fixed: POP message download into a large folder (~13000
      messages) caused Thunderbird to temporarily freeze
      (bmo#1792675)
    * fixed: Forwarding messages with special characters in Subject
      failed on Windows (bmo#1782173)
    * fixed: Links for FileLink attachments were not added when
      attachment filename contained Unicode characters
      (bmo#1789589)
    * fixed: Address Book display pane continued to show contacts
      after deletion (bmo#1777808)
    * fixed: Printing address book did not include all contact
      details (bmo#1782076)
    * fixed: CardDAV contacts without a Name property did not save
      to Google Contacts (bmo#1792101)
    * fixed: "Publish Calendar" did not work (bmo#1794471)
    * fixed: Calendar database storage improvements (bmo#1792124)
    * fixed: Incorrectly handled error responses from CalDAV
      servers sometimes caused events to disappear from calendar
      (bmo#1792923)
    * fixed: Various visual and UX improvements (bmo#1776093,bmo#17
      80040,bmo#1780425,bmo#1792876,bmo#1792872,bmo#1793466,bmo#179
      3543)
    * fixed: Various security fixes
    MFSA 2022-46 (bsc#1204421)
    * CVE-2022-42927 (bmo#1789128)
      Same-origin policy violation could have leaked cross-origin
      URLs
    * CVE-2022-42928 (bmo#1791520)
      Memory Corruption in JS Engine
    * CVE-2022-42929 (bmo#1789439)
      Denial of Service via window.print
    * CVE-2022-42932 (bmo#1789729, bmo#1791363, bmo#1792041)
      Memory safety bugs fixed in Thunderbird 102.4
  - Rebase mozilla-silence-no-return-type.patch to apply with fuzz=0
  - Added mozilla-partial-revert-1768632.patch to fix build on i586
  - Mozilla Thunderbird 102.3.3
    * new: Option added to show containing address book for a
      contact when using `All Address Books` in vertical mode
      (bmo#1778871)
    * changed: Thunderbird will try to use POP NTLM authentication
      even if not advertised by server (bmo#1793349)
    * changed: Task List and Today Pane sidebars will no longer
      load when not visible (bmo#1788549)
    * fixed: Sending a message while a recipient pill was being
      modified did not save changes (bmo#1779785)
    * fixed: Nickname column was not available in horizontal view
      of Address Book (bmo#1778000)
    * fixed: Multiline organization values were displayed across
      two columns in horizontal view of Address Book (bmo#1777780)
    * fixed: Contact vCard fields with multiple values such as
      Categories were truncated when saved (bmo#1792399)
    * fixed: ICS calendar files with a `FREEBUSY` property could
      not be imported (bmo#1783441)
    * fixed: Thunderbird would hang if calendar event exceeded the
      year 2035 (bmo#1789999)
  - Mozilla Thunderbird 102.3.2
    * changed: Thunderbird will try to use POP CRAM-MD5
      authentication even if not advertised by server (bmo#1789975)
    * fixed: Checking messages on POP3 accounts caused POP folder
      to lock if mail server was slow or non-responsive
      (bmo#1792451)
    * fixed: Newsgroups named with consecutive dots would not
      appear when refreshing list of newsgroups (bmo#1787789)
    * fixed: Sending news articles containing lines starting with
      dot were sometimes clipped (bmo#1787955)
    * fixed: CardDAV server sync silently failed if sync token
      expired (bmo#1791183)
    * fixed: Contacts from LDAP on macOS address books were not
      displayed (bmo#1791347)
    * fixed: Chat account input now accepts URIs for supported chat
      protocols (bmo#1776706)
    * fixed: Chat ScreenName field was not migrated to new address
      book (bmo#1789990)
    * fixed: Creating a New Event from the Today Pane used the
      currently selected day from the main calendar instead of from
      the Today Pane (bmo#1791203)
    * fixed: `New Event` button in Today Pane was incorrectly
      disabled sometimes (bmo#1792058)
    * fixed: Event reminder windows did not close after being
      dismissed or snoozed (bmo#1791228)
    * fixed: Improved performance of recurring event date
      calculation (bmo#1787677)
    * fixed: Quarterly calendar events on the last day of the month
      repeated one month early (bmo#1789362)
    * fixed: Thunderbird would hang if calendar event exceeded the
      year 2035 (bmo#1789999)
    * fixed: Whitespace in calendar events was incorrectly handled
      when upgrading from Thunderbird 91 to 102 (bmo#1790339)
    * fixed: Various visual and UX improvements (bmo#1755623,bmo#17
      83903,bmo#1785851,bmo#1786434,bmo#1787286,bmo#1788151,bmo#178
      9728,bmo#1790499)
  - Mozilla Thunderbird 102.3.1
    * changed: Compose window encryption options now only appear
      for encryption technologies that have already been configured
      (bmo#1788988)
    * changed: Number of contacts in currently selected address
      book now displayed at bottom of Address Book list column
      (bmo#1745571)
    * fixed: Password prompt did not include server hostname for
      POP servers (bmo#1786920)
    * fixed: `Edit Contact` was missing from Contacts sidebar
      context menus (bmo#1771795)
    * fixed: Address Book contact lists cut off display of some
      characters, the result being unreadable (bmo#1780909)
    * fixed: Menu items for dark-themed alarm dialog were invisible
      on Windows 7 (bmo#1791738)
    * fixed: Various security fixes
    MFSA 2022-43 (bsc#1204411)
    * CVE-2022-39249 (bmo#1791765)
      Matrix SDK bundled with Thunderbird vulnerable to an
      impersonation attack by malicious server administrators
    * CVE-2022-39250 (bmo#1791765)
      Matrix SDK bundled with Thunderbird vulnerable to a device
      verification attack
    * CVE-2022-39251 (bmo#1791765)
      Matrix SDK bundled with Thunderbird vulnerable to an
      impersonation attack
    * CVE-2022-39236 (bmo#1791765)
      Matrix SDK bundled with Thunderbird vulnerable to a data
      corruption issue
  - Mozilla Thunderbird 102.3
    * changed: Thunderbird will no longer attempt to import account
      passwords when importing from another Thunderbird profile in
      order to prevent profile corruption and permanent data loss.
      (bmo#1790605)
    * changed: Devtools performance profile will use Thunderbird
      presets instead of Web Developer presets (bmo#1785954)
    * fixed: Thunderbird startup performance improvements
      (bmo#1785967)
    * fixed: Saving email source and images failed
      (bmo#1777323,bmo#1778804)
    * fixed: Error message was shown repeatedly when temporary disk
      space was full (bmo#1788580)
    * fixed: Attaching OpenPGP keys without a set size to non-
      encrypted messages briefly displayed a size of zero bytes
      (bmo#1788952)
    * fixed: Global Search entry box initially contained
      "undefined" (bmo#1780963)
    * fixed: Delete from POP Server mail filter rule intermittently
      failed to trigger (bmo#1789418)
    * fixed: Connections to POP3 servers without UIDL support
      failed (bmo#1789314)
    * fixed: Pop accounts with "Fetch headers only" set downloaded
      complete messages if server did not advertise TOP capability
      (bmo#1789356)
    * fixed: "File -> New -> Address Book Contact" from Compose
      window did not work (bmo#1782418)
    * fixed: Attach "My vCard" option in compose window was not
      available (bmo#1787614)
    * fixed: Improved performance of matching a contact to an email
      address (bmo#1782725)
    * fixed: Address book only recognized a contact's first two
      email addresses (bmo#1777156)
    * fixed: Address book search and autocomplete failed if a
      contact vCard could not be parsed (bmo#1789793)
    * fixed: Downloading NNTP messages for offline use failed
      (bmo#1785773)
    * fixed: NNTP client became stuck when connecting to Public-
      Inbox servers (bmo#1786203)
    * fixed: Various visual and UX improvements
      (bmo#1782235,bmo#1787448,bmo#1788725,bmo#1790324)
    * fixed: Various security fixes
    * unresolved: No dedicated "Department" field in address book
      (bmo#1777780)
    MFSA 2022-42 (bsc#1203477)
    * CVE-2022-3266 (bmo#1767360)
      Out of bounds read when decoding H264
    * CVE-2022-40959 (bmo#1782211)
      Bypassing FeaturePolicy restrictions on transient pages
    * CVE-2022-40960 (bmo#1787633)
      Data-race when parsing non-UTF-8 URLs in threads
    * CVE-2022-40958 (bmo#1779993)
      Bypassing Secure Context restriction for cookies with __Host
      and __Secure prefix
    * CVE-2022-40956 (bmo#1770094)
      Content-Security-Policy base-uri bypass
    * CVE-2022-40957 (bmo#1777604)
      Incoherent instruction cache when building WASM on ARM64
    * CVE-2022-3155 (bmo#1789061)
      Attachment files saved to disk on macOS could be executed
      without warning
    * CVE-2022-40962 (bmo#1776655, bmo#1777574, bmo#1784835,
      bmo#1785109, bmo#1786502, bmo#1789440)
      Memory safety bugs fixed in Thunderbird 102.3
* Thu Sep 08 2022 martin.sirringhaus@suse.com
  - Mozilla Thunderbird 102.2.2
    * changed: Setting added to change Calendar event double-click
      action to open `Edit Event` dialog rather than view only; Set
      `calendar.events.defaultActionEdit` to `true`.
    * fixed: Running `Compact Folders` on maildir folders caused a
      redownload of all messages in the folder
    * fixed: Accessing mail folders in profiles with many folders
      was slow
    * fixed: SMTP servers were not always properly initialized, and
      were not listed in `Account Settings`
    * fixed: APOP authentication unsupported when connecting to
      POP3 server
    * fixed: OpenPGP key discovery failed
    * fixed: POP accounts hosted by AOL were not able to
      authenticate using OAuth2
    * fixed: Unable to open context menu in newsgroups header for
      groups that are not subscribed
* Thu Sep 01 2022 martin.sirringhaus@suse.com
  - Mozilla Thunderbird 102.2.1
    * new: Commandline argument to open Calendar at startup added
      (`-calendar`)
    * changed: Buttons to connect automatically discovered Address
      Books and Calendar during `Account Setup` now displayed
    * fixed: Compacting IMAP folders failed when "Just mark as
      deleted" was set
    * fixed: Message threading status and sort order was not
      transferred when applying column layout to other folders
    * fixed: Folder names with half-width Kana characters were
      displayed incorrectly
    * fixed: Digital signing of messages was not disabled after
      switching to an identity that could not sign
    * fixed: POP message retrieval stopped after a network error
      occurred and connectivity was restored
    * fixed: Activity Manager didn't show "Get Messages" activity
      when "Leave messages on server" was turned off and no new
      messages were found
    * fixed: Mail quota color did not update properly for multiple
      accounts
    * fixed: Profile export failed if an expected file did not
      exist
    * fixed: `Check Spelling` dialog could exceed screen size when
      many dictionaries were available
    * fixed: Dragging a news message to the Desktop caused
      Thunderbird to hang when synchronized for offline use
    * fixed: `Remove All Expired Articles` was not displayed on
      expired NNTP messages
    * fixed: Sending messages to encrypted Matrix rooms failed in
      some cases
    * fixed: Adding a CalDAV calendar on BSD-based OS's failed due
      to DNS errors
    * fixed: Various visual and UX improvements
    * fixed: Various security fixes
    MFSA 2022-38 (bsc#1203007)
    * CVE-2022-3033 (bmo#1784838)
      Leaking of sensitive information when composing a response to
      an HTML email with a META refresh tag
    * CVE-2022-3032 (bmo#1783831)
      Remote content specified in an HTML document that was nested
      inside an iframe's srcdoc attribute was not blocked
    * CVE-2022-3034 (bmo#1745751)
      An iframe element in an HTML email could trigger a network
      request
    * CVE-2022-36059 (bmo#1787741)
      Matrix SDK bundled with Thunderbird vulnerable to denial-of-
      service attack
  - Mozilla Thunderbird 102.2
    * new: Config setting added to disable OpenPGP "encryption is
      possible" reminder: `mail.openpgp.remind_encryption_possible`
    * changed: Thunderbird on macOS will now prompt for Primary
      Password on startup if set
    * changed: Thunderbird will no longer offer to import OpenPGP
      keys that are incomplete
    * changed: Selecting or unselecting a dictionary in the
      `Spelling` compose toolbar button will no longer immediately
      close the menu; Making dictionary changes via the editor
      context menu will continue to close the context menu
    * changed: Contact address lines are now adjusted to appear in
      the expected order
    * changed: Custom1-4 fields restored to Address Book UI;
      existing data is preserved from pre-102 profiles
    * fixed: Thunderbird startup performance improvements
    * fixed: `ALT+<numpad digits>` keypress events were intercepted
      by the Spaces Toolbar, preventing special character entry on
      Windows
    * fixed: Searching on attachment status did not work in Message
      Search dialog
    * fixed: Repairing IMAP folders in Offline mode removed local
      copy of the folders
    * fixed: POP3 message download progress bar was not displayed
    * fixed: POP `Fetch headers only` mode did not work for some
      server configurations
    * fixed: POP accounts using GSSAPI or NTLM authentication were
      not able to log into the server
    * fixed: A TLS certificate override dialog for self-signed
      certificates was not shown for IMAP accounts
    * fixed: Saving attachments from newsgroups did not work
    * fixed: Setting contact type to "None" was not possible if a
      type was previously set
    * fixed: Editing a contact without Name fields populated filled
      in the email address into the name fields
    * fixed: Address book toolbar buttons were not keyboard
      accessible
    * fixed: Auto-detection of CalDAV and CardDAV via DNS records
      used server domain leading to failures
    * fixed: Various visual and theme improvements
    * fixed: Various security fixes
    MFSA 2022-36 (bsc#1202645)
    * CVE-2022-38472 (bmo#1769155)
      Address bar spoofing via XSLT error handling
    * CVE-2022-38473 (bmo#1771685)
      Cross-origin XSLT Documents would have inherited the parent's
      permissions
    * CVE-2022-38476 (bmo#1760998)
      Data race and potential use-after-free in PK11_ChangePW
    * CVE-2022-38477 (bmo#1760611, bmo#1770219, bmo#1771159,
      bmo#1773363)
      Memory safety bugs fixed in Thunderbird 102.2
    * CVE-2022-38478 (bmo#1770630, bmo#1776658)
      Memory safety bugs fixed in Thunderbird 102.2, and
      Thunderbird 91.13
  - Mozilla Thunderbird 102.1.2
    * fixed: The fix for bug 1777765 (no POP download progress bar)
      was backed out from this release to address broken POP
      message download with `Fetch headers only` selected in
      Account Settings (bug 1783552).
* Mon Aug 08 2022 martin.sirringhaus@suse.com
  - Add mozilla-bmo1775202.patch to fix build on ppc64le
  - Mozilla Thunderbird 102.1.1
    * changed: OpenPGP Key Manager will clear selected keys after a
      deletion is performed
    * fixed: Update notification popups were still displayed after
      switching to another desktop workspace on Linux
    * fixed: macOS display issues made Thunderbird unusable
    * fixed: OpenPGP public key was not automatically attached
      after enabling encryption from reminder and default setting
      is "Do not encrypt"
    * fixed: Importing OpenPGP keys stored in binary format failed
    * fixed: Exporting an OpenPGP public key from Account Settings
      failed
    * fixed: Saving encrypted OpenPGP attachments created corrupt
      files
    * fixed: Receiving many OpenPGP keys in a single email caused
      Thunderbird to hang
    * fixed: POP3 message download progress bar was not displayed
    * fixed: OAuth2 authentication was not available when the mail
      domain did not match the OAuth provider domain
    * fixed: OAuth did not work with some POP servers
    * fixed: RSS feed URL links in headers panel could not be
      activated by keyboard
    * fixed: Self-signed TLS certificates did not work with POP3
      connections
    * fixed: Non-ascii characters in passwords did not work with
      POP3 connections
    * fixed: An error was not displayed when an incorrect password
      was entered for a POP3 account
    * fixed: NNTP articles were not displayed in preview pane when
      a Primary Password was set
    * fixed: NNTP articles did not download when the hostname of
      the server was not all in lower-case
    * fixed: Saving NNTP messages to local disk failed
    * fixed: Drag and Drop from Address Book into Compose window
      sometimes added unexpected contacts to the target
    * fixed: "Default" label not shown for emails when editing a
      contact
    * fixed: Contact Title, Role, and Organization fields could be
      displayed in the wrong order
    * fixed: Contact birthdays on February 29 were displayed
      incorrectly in non-leap years
    * fixed: Detection of photos in vCards improved
    * fixed: Drag and drop contacts to another address book was not
      available
    * fixed: Contacts stored in a Google CardDAV address book
      contained extra backslashes in text fields
    * fixed: Contacts without First/Last/Display Names appeared
      blank in contact list
    * fixed: Auto-attaching vCard and OpenPGP keys did not always
      work as expected
    * fixed: Settings page used caused excessive CPU usage
    * fixed: Calendar did not respect `Date and Time Formatting` in
      Settings
    * fixed: OpenPGP Key Import wizard did not adapt to dark theme
    * fixed: Various visual and theme improvements
    * fixed: Various accessibility improvements
    * unresolved: "Get Map" feature missing from address book for
      physical addresses
  - Mozilla Thunderbird 102.1.0
    * fixed: Activity Manager did not display POP message downloads
    * fixed: Mail Folder Properties dialog was not sized correctly,
      cutting off contents
    * fixed: Expired news messages did not display an error
    * fixed: Calendar Column Picker closed prematurely after
      selecting/deselecting a single column
    * fixed: Various UI improvements
    * fixed: Various security fixes
    MFSA 2022-32 (bsc#1201758)
    * CVE-2022-36319 (bmo#1737722)
      Mouse Position spoofing with CSS transforms
    * CVE-2022-36318 (bmo#1771774)
      Directory indexes for bundled resources reflected URL
      parameters
    * CVE-2022-36314 (bmo#1773894)
      Opening local <code>.lnk</code> files could cause unexpected
      network loads
    * CVE-2022-2505 (bmo#1769739, bmo#1772824)
      Memory safety bugs fixed in Thunderbird 102.1
  - Mozilla Thunderbird 102.0.3
    * changed: Support for Google Talk chat accounts removed
    * fixed: Thunderbird could crash on startup on Windows 11
    * fixed: After compacting folders, new downloaded messages were
      inaccessible
    * fixed: Marking a message as a Favorite (starred) did not
      update the thread pane when using Unified Folders
    * fixed: Compose window failed to populate some fields when
      S/MIME was configured
    * fixed: Non-text attachments has an incorrect
      "charset=windows-1250" mime header
    * fixed: Messages sent as attachments incorrectly had an
      "X-Mozilla-Cloud-Part" header
    * fixed: Improved Address Book import/export support in Profile
      Importer
    * fixed: IMAP stability improvements
    * fixed: Offline cache was unusable for NNTP accounts
    * fixed: Signing S/MIME messages failed
    * fixed: Various UI improvements
  - Mozilla Thunderbird 102.0.2
    * changed: Double-clicking chat messages will no longer execute
      a default action
    * fixed: "File" menu was covered by Spaces Toolbar
    * fixed: Sub-folders with new messages were not highlighted
      until clicked
    * fixed: Attachment paper clip was cut off in message list
    * fixed: OpenPGP signatures were broken when "Primary Password"
      dialog remained open
    * fixed: Non-ASCII messages forwarded as attachments were
      garbled
    * fixed: Importing from Seamonkey or Outlook failed in second
      step
    * fixed: Deleting messages from a POP server occasionally
      failed
    * fixed: Offline cache was unusable for NNTP accounts
    * fixed: News messages were not shown in preview pane
    * fixed: Address fields were not populated when using "Edit as
      new message"
    * fixed: Sometimes only the first letter of a contact's
      Organization name was displayed
    * fixed: Double-click to edit selected contacts action did not
      work
    * fixed: Some CardDAV contact fields were displayed with
      additional backslashes in the value
    * fixed: Pending chat message contents were not updated when
      the conversation was not selected
    * fixed: Various UI improvements
  - Mozilla Thunderbird 102.0.1
    * fixed: Mailbox MSF files could become corrupt in some
      circumstances
    * fixed: OpenPGP Key Assistant did not show status for
      addresses handled by aliases
    * fixed: Attaching an external OpenPGP public key failed if
      configured with a subkey ID
    * fixed: Thunderbird continued using an old password after
      changing it
    * fixed: New mail notifications were only shown for one mail
      account when multiple accounts were configured
    * fixed: LDAP Address Books could not be configured using IPv6
      address literals
    * fixed: CardDAV contacts (notably Google-hosted) with more
      than one email address were not always editable
    * fixed: Address Book accessibility improvements
    * fixed: Various UI improvements
    * fixed: Icons converted to new style
  - Mozilla Thunderbird 102.0
    * new: Thunderbird will now display a message when an upgrade
      migration task is taking a long time to complete
    * new: es-MX localized build now available
    * new: What's new link displayed in About: dialog
    * new: Profile Import/Export UI refreshed and moved to a tab
    * new: Commandline tools now included for OpenPGP debugging
    * new: Thunderbird may now be built with OpenPGP support and a
      system librnp
    * new: Added menu option to permanently decrypt OpenPGP
      encrypted messages to a folder
    * new: OpenPGP: Public keys from email attachments and
      autocrypt headers now cached for future use
    * new: Expired OpenPGP recipient keys now indicated in compose
      window
    * new: OpenPGP Key Assistant enabled by default
    * new: OpenPGP Key Properties now supports refreshing keys from
      key server
    * new: Spaces vertical toolbar for easier in-app navigation
    * new: Compose toolbar button for OpenPGP & S/MIME signing
      available via "Customize Toolbar"
    * new: "Select all addresses" now supported from composer pill
      context menu
    * new: Multiple active spelling dictionaries now supported in
      compose window
    * new: `Add dictionaries` item added to `Spelling` button in
      compose window
    * new: Added config option to more aggressively warn sender
      about having many public recipients to an email
      (`mail.compose.warn_public_recipients.aggressive`)
    * new: Exporting current profile now supported on importing tab
    * new: Back/Forward keyboard shortcuts added to Addon Manager
    * new: New Address Book UI and significant backend overhaul
    * new: Importing sqlite address books now supported
    * new: Importing addressbooks via CSV file now supports semi-
      colon (;) delimited files
    * new: Opening a **news://** URL now works if an account is not
      configured for that news server
    * new: Google Talk chat accounts now support logging in with
      OAuth2
    * new: Matrix chat support enabled by default. This is a
    * *beta** feature.
    * new: Printing using the system dialog without preview now
      supported; Set `print.prefer_system_dialog` to `true`
    * new: Removing events from a calendar now prompts for
      confirmation
    * new: Upcoming events in the Today Pane show how far away they
      are
    * new: Icons now displayed on recurring events and modified
      events within a recurring series
    * changed: SMTP client will now ignore socket errors after
      `QUIT` command is sen
    * changed: Javascript POP implementation enabled by default
    * changed: Buttons on "Update Failed" popup now open Beta and
      Release specific pages on Thunderbird website
    * changed: Replace "About Junk Mail" dialog with a link to the
      support page
    * changed: [macOS] Account settings moved to application menu
    * changed: New profiles will default to using "Threaded"
      message view
    * changed: "Discover OpenPGP Key" context menu item is no
      longer displayed when a key is already available
    * changed: Duplicated OpenPGP encrypted attachments were shown
      when `display-attachments-inline` was enabled
    * changed: Replaced Security compose toolbar button with
      Encryption toggle and Encryption options buttons
    * changed: OpenPGP dialog for key "acceptance per email" now
      displayed in more circumstances
    * changed: OpenPGP `Key Manager` dialog layout improvements
    * changed: Writing OpenPGP keyring data will block Thunderbird
      shutdown to prevent data loss
    * changed: When automatically attaching OpenPGP keys to emails,
      Thunderbird will strip key certificates
    * changed: A notification bar in the compose window will be
      displayed if encryption is possible but not enabled
    * changed: Inline attachment filenames now sent without data-
      uri encoding
    * changed: Per-recipient and per-domain email format
      preferences removed; Sending options moved to Compose
      Settings
    * changed: Thunderbird can now be used without setting up a
      mail account
    * changed: NNTP account set up moved to its own wizard; "Other
      accounts" wizard removed
    * changed: Account Manager UI updated
    * changed: Email account provisioner moved to a tab
    * changed: Link to create a new email address in Account Setup
      now hidden if "Email address" contains a value
    * changed: Addon Search will no longer display addons that are
      incompatible
    * changed: Searching from the `Themes` page of Addon Manager
      will now limit search results to only include themes
    * changed: Additional fields for download limits, expiration,
      and password protection added to FileLink template
    * changed: FileLink will check the provider for sufficient
      space before uploading
    * changed: "PreferMailFormat" property removed from addressbook
    * changed: Address book contact data is now stored in the vCard
      format. The change isn't backwards-compatible; backups are
      stored in the profile directory.
    * changed: Default install directory for Thunderbird Beta
      changed to not conflict with release versions
    * changed: Tab icons updated
    * changed: Message Header toolbar buttons will not display a
      border when set to show icons only
    * changed: New message detection for non-INBOX IMAP folders
      improved
    * changed: New Javascript NNTP implementation enabled by
      default; Set `mailnews.nntp.jsmodule` to `false` to disable
    * changed: Preference for OTR encrypted conversation logging
      moved to Protocol settings
    * changed: Thunderbird will not try to use OTR Chat encryption
      if the protocol supports native encryption
    * changed: Invitations to IRC and XMPP chat rooms will now
      prompt the user if they would like to join
    * changed: Today Pane UI refreshed
    * changed: Thunderbird will not support "Secondly" or
      "Minutely" recurring calendar events
    * changed: Default action of `Edit` button in recurring event
      dialog changed to display submenu
    * changed: Support for importing and exporting calendars from
      Outlook CSV format was removed
    * changed: Thunderbird will now delay refreshing cached
      calendars at start-up
    * changed: Javascript Ical parser (ical.js) enabled by default
    * fixed: Opening "cid:" links failed
    * fixed: Message download progress was calculated incorrectly
    * fixed: `Ctrl+mouse wheel` did not zoom in the message source
      window
    * fixed: `Open message in containing folder` did not work for
      standalone windows
    * fixed: Multi-message view was not fully scrollable
    * fixed: Messages did not reload in all open windows after Junk
      status was changed
    * fixed: Detached attachments were opened from a temporary copy
      instead of the selected save location
    * fixed: IMAP folder subscription changes on servers using
      OAuth2 authentication were not reflected in folder pane until
      Thunderbird was restarted
    * fixed: Improved error reporting for external GnuPG
      configurations
    * fixed: Incorrect OpenPGP preferences were used for secondary
      identities
    * fixed: Adding an expiry date to an OpenPGP key that did not
      have one was not possible
    * fixed: UI showed old OpenPGP key expiry date after changing
      it
    * fixed: Importing large OpenPGP key files failed
    * fixed: OpenPGP "Repair Message" button did not work with some
      emails
    * fixed: Importing OpenPGP public keys without a blank line
      following the header failed
    * fixed: Dragging and dropping multiple email attachments
      between windows did not always copy all attachments
    * fixed: Attachment bar in message compose window was not
      keyboard accessible
    * fixed: Triggering recipient pill creation in the compose
      window incorrectly used the entire field as input
    * fixed: Compose notification bars were not easily accessible
      via keyboard
    * fixed: "Save message" confirmation dialog buttons were not
      navigable using arrow keys
    * fixed: Focus jumped in compose window when closing the
      contacts sidebar
    * fixed: Save dialog was incorrectly shown when closing empty
      composer windows
    * fixed: Incorrect access key used for `File->New->Message`
      menu item
    * fixed: Changing focus in the compose window with multiple
      recipient pills selected did not always deselect the pills
    * fixed: Sending a message with non-ascii characters in
      recipient local parts failed unexpectedly when the server did
      not support SMTPUTF8
    * fixed: LDAP Autoconfig could block Thunderbird startup
    * fixed: Improvements to the Import/Export feature
    * fixed: Configuring multiple SMTP accounts using the same
      server was not possible
    * fixed: `Empty Trash on Exit` did not work with IMAP accounts
      using OAuth2 authentication
    * fixed: IMAP server hostname changes were not reflected in
      `Folder Properties` dialog
    * fixed: Addons automatically updated when Thunderbird updated
      despite Addon updates being turned off
    * fixed: Message size calculations incorrectly included
      FileLink attachments
    * fixed: After converting a FileLink attachment back to an
      e-mail attachment, the privacy notification persisted
    * fixed: A failed FileLink provider change removed the
      attachment completely
    * fixed: Subscribing to CardDAV address books from Account
      Setup tab did not subscribe to all selected address books
    * fixed: Adding CardDAV address books failed if an addon-
      provided address book was present
    * fixed: Messages with Message-Id headers longer than 332
      characters could not be forwarded
    * fixed: SMTP send progress bar could trigger high CPU usage
      when the server connection failed
    * fixed: Improved POP server authentication detection during
      Account Setup
    * fixed: News folders did not display biff indicator
    * fixed: IMAP flag changes from another client were not seen
      after some inactivity
    * fixed: Recipients were not de-duplicated before sending,
      leading to sending errors
    * fixed: Chat conversations' context menu did not recognize
      links
    * fixed: Chat username splitting in the account wizard did not
      work after changing protocols
    * fixed: Removing obsolete proprietary chat accounts did not
      work
    * fixed: OTR encrypted chat did not work on FreeBSD
    * fixed: Event edit toolbar button was not disabled when an
      invitation was selected
    * fixed: Event view headers and content were not lined up
      consistently for RTL locales
    * fixed: Mini-month views did not properly update at midnight
    * fixed: Some labels in Calendar were displayed in multiple
      languages
    * fixed: Thunderbird permitted inline editing of read-only
      event titles
    * fixed: Calendar view reloaded when switching tabs
    * fixed: It was possible to create annual calendar events with
      invalid days
    * fixed: Detection of attached vCalendar files improved
    * fixed: Reminders for events created by another user could not
      be closed
    * fixed: MS Teams meeting event descriptions were unreadable
      when stored on Google Calendar
    * fixed: Adding a Google calendar with a non-gmail or
      googlemail e-mail address failed
    * fixed: Accepting a recurrence exception to an event accepted
      event associated with the original recurring event rather
      than the exception
    * fixed: Various security fixes
    MFSA 2022-26 (bsc#1200793)
    * CVE-2022-34479 (bmo#1745595)
      A popup window could be resized in a way to overlay the
      address bar with web content
    * CVE-2022-34470 (bmo#1765951)
      Use-after-free in nsSHistory
    * CVE-2022-34468 (bmo#1768537)
      CSP sandbox header without `allow-scripts` can be bypassed
      via retargeted javascript: URI
    * CVE-2022-2226 (bmo#1775441)
      An email with a mismatching OpenPGP signature date was
      accepted as valid
    * CVE-2022-34481 (bmo#1497246)
      Potential integer overflow in ReplaceElementsAt
    * CVE-2022-31744 (bmo#1757604)
      CSP bypass enabling stylesheet injection
    * CVE-2022-34472 (bmo#1770123)
      Unavailable PAC file resulted in OCSP requests being blocked
    * CVE-2022-34478 (bmo#1773717)
      Microsoft protocols can be attacked if a user accepts a
      prompt
    * CVE-2022-2200 (bmo#1771381)
      Undesired attributes could be set as part of prototype
      pollution
    * CVE-2022-34484 (bmo#1763634, bmo#1772651)
      Memory safety bugs fixed in Thunderbird 91.11 and Thunderbird
      102
* Fri Jul 29 2022 martin.sirringhaus@suse.com
  - Mozilla Thunderbird 91.12
    * changed: Support for Google Talk chat accounts removed
    * fixed: OpenPGP signatures were broken when "Primary Password"
      dialog remained open
    * fixed: Various security fixes
    MFSA 2022-31 (bsc#1201758)
    * CVE-2022-36319 (bmo#1737722)
      Mouse Position spoofing with CSS transforms
    * CVE-2022-36318 (bmo#1771774)
      Directory indexes for bundled resources reflected URL
      parameters
* Wed Jun 29 2022 martin.sirringhaus@suse.com
  - Mozilla Thunderbird 91.11
    * fixed: CLIENTID fix for bmo#1759197 in Thunderbird 91.8.1 did
      not work; additional fix applied
    * fixed: "Save-As" attachment dialog did not have filename pre-
      populated
    * fixed: Various security fixes
    MFSA 2022-26 (bsc#1200793)
    * CVE-2022-34479 (bmo#1745595)
      A popup window could be resized in a way to overlay the
      address bar with web content
    * CVE-2022-34470 (bmo#1765951)
      Use-after-free in nsSHistory
    * CVE-2022-34468 (bmo#1768537)
      CSP sandbox header without `allow-scripts` can be bypassed
      via retargeted javascript: URI
    * CVE-2022-2226 (bmo#1775441)
      An email with a mismatching OpenPGP signature date was
      accepted as valid
    * CVE-2022-34481 (bmo#1497246)
      Potential integer overflow in ReplaceElementsAt
    * CVE-2022-31744 (bmo#1757604)
      CSP bypass enabling stylesheet injection
    * CVE-2022-34472 (bmo#1770123)
      Unavailable PAC file resulted in OCSP requests being blocked
    * CVE-2022-34478 (bmo#1773717)
      Microsoft protocols can be attacked if a user accepts a
      prompt
    * CVE-2022-2200 (bmo#1771381)
      Undesired attributes could be set as part of prototype
      pollution
    * CVE-2022-34484 (bmo#1763634, bmo#1772651)
      Memory safety bugs fixed in Thunderbird 91.11 and Thunderbird
      102
* Wed Jun 01 2022 martin.sirringhaus@suse.com
  - Mozilla Thunderbird 91.10
    * fixed: Various UX and theme improvements
    * fixed: Various security fixes
    MFSA 2022-22 (bsc#1200027)
    * CVE-2022-31736 (bmo#1735923)
      Cross-Origin resource's length leaked
    * CVE-2022-31737 (bmo#1743767)
      Heap buffer overflow in WebGL
    * CVE-2022-31738 (bmo#1756388)
      Browser window spoof using fullscreen mode
    * CVE-2022-31739 (bmo#1765049)
      Attacker-influenced path traversal when saving downloaded
      files
    * CVE-2022-31740 (bmo#1766806)
      Register allocation problem in WASM on arm64
    * CVE-2022-31741 (bmo#1767590)
      Uninitialized variable leads to invalid memory read
    * CVE-2022-1834 (bmo#1767816)
      Braille space character caused incorrect sender email to be
      shown for a digitally signed email
    * CVE-2022-31742 (bmo#1730434)
      Querying a WebAuthn token with a large number of
      allowCredential entries may have leaked cross-origin
      information
    * CVE-2022-31747 (bmo#1760765, bmo#1765610, bmo#1766283,
      bmo#1767365, bmo#1768559, bmo#1768734)
      Memory safety bugs fixed in Thunderbird 91.10
* Mon May 23 2022 martin.sirringhaus@suse.com
  - Mozilla Thunderbird 91.9.1
    * fixed: Various security fixes
    MFSA 2022-19 (bsc#1199768)
    * CVE-2022-1802 (bmo#1770137)
      Prototype pollution in Top-Level Await implementation
    * CVE-2022-1529 (bmo#1770048)
      Untrusted input used in JavaScript object indexing, leading
      to prototype pollution
* Mon May 09 2022 martin.sirringhaus@suse.com
  - Mozilla Thunderbird 91.9
    * changed: A warning is now displayed if an OpenPGP key has
      unsafe attributes that are ignored; See support article.
    * fixed: OpenPGP integration in Thunderbird 91.8.0 and 91.8.1
      did not allow SHA-1 key signatures
    * fixed: macOS disk image graphics updated
    * fixed: CalDAV calendars were marked read-only on startup
    * fixed: Task creation field on macOS incorrectly displayed a
      search icon
    * fixed: Various security fixes
    MFSA 2022-18 (bsc#1198970)
    * CVE-2022-1520 (bmo#1745019)
      Incorrect security status shown after viewing an attached
      email
    * CVE-2022-29914 (bmo#1746448)
      Fullscreen notification bypass using popups
    * CVE-2022-29909 (bmo#1755081)
      Bypassing permission prompt in nested browsing contexts
    * CVE-2022-29916 (bmo#1760674)
      Leaking browser history with CSS variables
    * CVE-2022-29911 (bmo#1761981)
      iframe sandbox bypass
    * CVE-2022-29912 (bmo#1692655)
      Reader mode bypassed SameSite cookies
    * CVE-2022-29913 (bmo#1764778)
      Speech Synthesis feature not properly disabled
    * CVE-2022-29917 (bmo#1684739, bmo#1706441, bmo#1753298,
      bmo#1762614, bmo#1762620)
      Memory safety bugs fixed in Thunderbird 91.9
* Fri Apr 08 2022 martin.sirringhaus@suse.com
  - Mozilla Thunderbird 91.8
    * changed: Google accounts using password authentication will
      be migrated to OAuth2. See KB Article.
    * fixed: OpenPGP ECC keys created by Thunderbird could not be
      imported into GnuPG
    * fixed: Exporting multiple public PGP keys from Thunderbird
      was not possible
    * fixed: Replying to a newsgroup message erroneously displayed
      a "No-reply" popup warning
    * fixed: Opening `mid:` URLs on macOS failed
    * fixed: Address books stored in older formats were loaded as
      SQLite files, causing a crash
    * fixed: Replicated LDAP directories were lost after switching
      Thunderbird to "Offline"`mode
    * fixed: Importing webcals from the commandline failed if the
      URI ended with an `.ics` file extension
    * fixed: Various security fixes
    MFSA 2022-15 (bsc#1197903)
    * CVE-2022-1097 (bmo#1745667)
      Use-after-free in NSSToken objects
    * CVE-2022-28281 (bmo#1755621)
      Out of bounds write due to unexpected WebAuthN Extensions
    * CVE-2022-1197 (bmo#1754985)
      OpenPGP revocation information was ignored
    * CVE-2022-1196 (bmo#1750679)
      Use-after-free after VR Process destruction
    * CVE-2022-28282 (bmo#1751609)
      Use-after-free in DocumentL10n::TranslateDocument
    * CVE-2022-28285 (bmo#1756957)
      Incorrect AliasSet used in JIT Codegen
    * CVE-2022-28286 (bmo#1735265)
      iframe contents could be rendered outside the border
    * CVE-2022-24713 (bmo#1758509)
      Denial of Service via complex regular expressions
    * CVE-2022-28289 (bmo#1663508, bmo#1744525, bmo#1753508,
      bmo#1757476, bmo#1757805, bmo#1758549, bmo#1758776)
      Memory safety bugs fixed in Thunderbird 91.8
* Thu Mar 17 2022 martin.sirringhaus@suse.com
  - Add cpu-flag `asimdrdm` to aarch64 constraints, to select newer,
    faster buildhosts, as the others struggle to build TB.
* Thu Mar 10 2022 martin.sirringhaus@suse.com
  - Mozilla Thunderbird 91.7
    * changed: Thunderbird will use the first occurrence of headers
      that should only appear once
    * fixed: Auto-complete incorrectly changed a pasted email
      address to the primary address of a contact
    * fixed: Attachments with filename extensions that were not
      registered in MIME types could not be opened
    * fixed: Copy/Cut/Paste actions not working in Thunderbird
      Preferences
    * fixed: Improved screen reader support of displayed message
      headers
    * fixed: Various security fixes
    MFSA 2022-12 (bsc#1196900)
    * CVE-2022-26383 (bmo#1742421)
      Browser window spoof using fullscreen mode
    * CVE-2022-26384 (bmo#1744352)
      iframe allow-scripts sandbox bypass
    * CVE-2022-26387 (bmo#1752979)
      Time-of-check time-of-use bug when verifying add-on
      signatures
    * CVE-2022-26381 (bmo#1736243)
      Use-after-free in text reflows
    * CVE-2022-26386 (bmo#1752396)
      Temporary files downloaded to /tmp and accessible by other
      local users
* Tue Mar 08 2022 cgrobertson@suse.com
  - Mozilla Thunderbird 91.6.2
    * fixed: Temporary files from opened attachments were saved
      with world-readable permission
    * fixed: Various security fixes
    MFSA 2022-09 (bsc#1196809)
    * CVE-2022-26485 (bmo#1758062)
      Use-after-free in XSLT parameter processing
    * CVE-2022-26486 (bmo#1758070)
      Use-after-free in WebGPU IPC Framework
* Thu Feb 17 2022 martin.sirringhaus@suse.com
  - Mozilla Thunderbird 91.6.1
    * changed: Thunderbird generated views of meeting invitations
      are now expanded by default
    * fixed: Emails were not downloading at startup under some
      conditions
    * fixed: Port numbers were not shown in "Confirm Security
      Exception" dialog for CalDAV connections
    * fixed: Various security fixes
    MFSA 2022-07 (bsc#1196072)
    * CVE-2022-0566 (bmo#1753094)
      Crafted email could trigger an out-of-bounds write
* Tue Feb 15 2022 martin.sirringhaus@suse.com
  - Mozilla Thunderbird 91.6
    * new: Thunderbird will now offer to send large forwarded
      attachments via FileLink
    * fixed: Partially signed unencrypted messages displayed an
      incorrect "partially encrypted" notification
    * fixed: Attachments filenames were not sanitized before saving
      to disk
    * fixed: In the attachment bar, the "Import OpenPGP Key" item
      displayed for public keys displayed an error and did not
      import the key
    * fixed: "Open with" attachment dialog did not have a selected
      radio button option
    * fixed: Various security fixes
    MFSA 2022-06 (bsc#1195682)
    * CVE-2022-22753 (bmo#1732435)
      Privilege Escalation to SYSTEM on Windows via Maintenance
      Service
    * CVE-2022-22754 (bmo#1750565)
      Extensions could have bypassed permission confirmation during
      update
    * CVE-2022-22756 (bmo#1317873)
      Drag and dropping an image could have resulted in the dropped
      object being an executable
    * CVE-2022-22759 (bmo#1739957)
      Sandboxed iframes could have executed script if the parent
      appended elements
    * CVE-2022-22760 (bmo#1740985, bmo#1748503)
      Cross-Origin responses could be distinguished between script
      and non-script content-types
    * CVE-2022-22761 (bmo#1745566)
      frame-ancestors Content Security Policy directive was not
      enforced for framed extension pages
    * CVE-2022-22763 (bmo#1740534)
      Script Execution during invalid object state
    * CVE-2022-22764 (bmo#1742682, bmo#1744165, bmo#1746545,
      bmo#1748210, bmo#1748279)
      Memory safety bugs fixed in Thunderbird 91.6
* Mon Jan 17 2022 martin.sirringhaus@suse.com
  - Mozilla Thunderbird 91.5
    * fixed: RSS keyword labels without a configured color were
      illegible
    * fixed: Thunderbird "about:" dialog did not identify third-
      party repackaged distributions such as Flatpaks
    * fixed: Various security fixes
    MFSA 2022-03 (bsc#1194547)
    * CVE-2022-22746 (bmo#1735071)
      Calling into reportValidity could have lead to fullscreen
      window spoof
    * CVE-2022-22743 (bmo#1739220)
      Browser window spoof using fullscreen mode
    * CVE-2022-22742 (bmo#1739923)
      Out-of-bounds memory access when inserting text in edit mode
    * CVE-2022-22741 (bmo#1740389)
      Browser window spoof using fullscreen mode
    * CVE-2022-22740 (bmo#1742334)
      Use-after-free of ChannelEventQueue::mOwner
    * CVE-2022-22738 (bmo#1742382)
      Heap-buffer-overflow in blendGaussianBlur
    * CVE-2022-22737 (bmo#1745874)
      Race condition when playing audio files
    * CVE-2021-4140 (bmo#1746720)
      Iframe sandbox bypass with XSLT
    * CVE-2022-22748 (bmo#1705211)
      Spoofed origin on external protocol launch dialog
    * CVE-2022-22745 (bmo#1735856)
      Leaking cross-origin URLs through securitypolicyviolation
      event
    * CVE-2022-22744 (bmo#1737252)
      The 'Copy as curl' feature in DevTools did not fully escape
      website-controlled data, potentially leading to command
      injection
    * CVE-2022-22747 (bmo#1735028)
      Crash when handling empty pkcs7 sequence
    * CVE-2022-22739 (bmo#1744158)
      Missing throttling on external protocol launch dialog
    * CVE-2022-22751 (bmo#1664149, bmo#1737816, bmo#1739366,
      bmo#1740274, bmo#1740797, bmo#1741201, bmo#1741869,
      bmo#1743221, bmo#1743515, bmo#1745373, bmo#1746011)
      Memory safety bugs fixed in Thunderbird 91.5
* Mon Jan 03 2022 martin.sirringhaus@suse.com
  - Mozilla Thunderbird 91.4.1
    * fixed: Attachments that should open in Thunderbird, such as
      ICS attachments, offered to save the file instead
    * fixed: Saving attachments from IMAP accounts where usernames
      contained special characters failed
    * fixed: Temporary files created for forwarded attachments
      sometimes had the wrong extension
    * fixed: S/MIME signatures were shown as invalid by Outlook
    * fixed: URL input boxes on content tabs erroneously displayed
      a search glass icon on macOS
    * fixed: Message bars (such as content blocking) did not use
      high contrast theme colors
    * fixed: Some messages with autocrypt headers loaded slowly,
      causing Thunderbird to hang
    * fixed: Server hostnames were cut-off in the account manager
    * fixed: Account Setup did not support non-ASCII characters in
      passwords
    * fixed: Account Setup did not always retain set values
    * fixed: Virtual folders did not retain folder selection when a
      folder name contained non-ASCII characters
    * fixed: Messages saved as "html" or "eml" did not include
      message headers
    * fixed: "Private web page" field was not included when
      exporting a contact to a vCard
    * fixed: Addons were still active after restarting Thunderbird
      in troubleshooting mode with "disable all addons" checked
    * fixed: FileLink attachments did not always display the
      FileLink provider's icon
    * fixed: FileLink privacy notifications persisted in the
      compose window after removing all FileLink attachments
    * fixed: "Loading" icon remained after a FileLink upload failed
    * fixed: Lengthy event names for multiday events did not wrap
    * fixed: Various theme and UX improvements
    * fixed: Various security fixes
    MFSA 2021-55 (bsc#1194215)
    * CVE-2021-4126 (bmo#1732310)
      OpenPGP signature status doesn't consider additional message
      content
    * CVE-2021-44538 (bmo#1744056)
      Matrix chat library libolm bundled with Thunderbird
      vulnerable to a buffer overflow
* Wed Dec 08 2021 martin.sirringhaus@suse.com
  - Mozilla Thunderbird 91.4.0
    * fixed: IMAP startup performance improved for accounts with a
      multitude of folders
    * fixed: Thunderbird failed to send messages when configured to
      use an IPv6 SMTP server by IP address (instead of a hostname)
    * fixed: Forwarding messages with attachments sometimes failed
    * fixed: Printing multiple messages at once was not possible
    * fixed: Non-utf8 news groups were not supported
    * fixed: Thunderbird stalled after sending a message with NNTP
      and SMTP recipients
    * fixed: Using Thunderbird with multiple language packs caused
      high RAM and CPU use and sluggish performance
    * fixed: Clicking a "mailto:" started the composer with the
      default sending identity instead of a configured alternate
    * fixed: Drag and dropped text into a plain text message in the
      compose window was handled inconsistently
    * fixed: FileLink messages did not display correctly when
      viewed in Outlook
    * fixed: In account setup, after selecting an extension
      provided protocol, it was not possible to create an IMAP/POP
      account
    * fixed: Multiday selections were not cleared when changing
      week viewed
    * fixed: When creating a new event by clicking and dragging the
      mouse to create a box, the view did not auto-scroll after
      reaching the bottom
    * fixed: Calendar Invitation Panel did not scroll when multiple
      invitations were pending
    * fixed: Calendar print dialog did not have a cancel button
    * fixed: Various security fixes
    MFSA 2021-54 (bsc#1193485)
    * CVE-2021-43536 (bmo#1730120)
      URL leakage when navigating while executing asynchronous
      function
    * CVE-2021-43537 (bmo#1738237)
      Heap buffer overflow when using structured clone
    * CVE-2021-43538 (bmo#1739091)
      Missing fullscreen and pointer lock notification when
      requesting both
    * CVE-2021-43539 (bmo#1739683)
      GC rooting failure when calling wasm instance methods
    * CVE-2021-43541 (bmo#1696685)
      External protocol handler parameters were unescaped
    * CVE-2021-43542 (bmo#1723281)
      XMLHttpRequest error codes could have leaked the existence of
      an external protocol handler
    * CVE-2021-43543 (bmo#1738418)
      Bypass of CSP sandbox directive when embedding
    * CVE-2021-43545 (bmo#1720926)
      Denial of Service when using the Location API in a loop
    * CVE-2021-43546 (bmo#1737751)
      Cursor spoofing could overlay user interface when native
      cursor is zoomed
    * CVE-2021-43528 (bmo#1742579)
      JavaScript unexpectedly enabled for the composition area
    * MOZ-2021-0009 (bmo#1393362, bmo#1736046, bmo#1736751,
      bmo#1737009, bmo#1739372, bmo#1739421)
      Memory safety bugs fixed in Thunderbird 91.4.0
* Wed Dec 01 2021 martin.sirringhaus@suse.com
  - Mozilla Thunderbird 91.3.2
    * changed: Date selection in Calendar print settings widget
      changed to use mini calendar widget
    * changed: OpenPGP: Botan updated to 2.18.2; addresses
      CVE-2021-40529
    * fixed: "Repair Text Encoding" menu item did not work
    * fixed: Troubleshoot Mode menu item did not always indicate
      whether troubleshooting mode was enabled
    * fixed: Message content could be unintentionally hidden due to
      CSS class names conflicting
    * fixed: SMTP server port was reset to "0" after clicking the
      "Re-Test" button in the Account Setup wizard
    * fixed: No "Paste" option was available in the config editor
      (about:config) context menu
    * fixed: Saving a PDF attachment opened in a separate tab saved
      the email message instead
    * fixed: Opening a PDF attachment from a message in a
      standalone or compose window did move the focus to opened
      attachment
    * fixed: After restart, Thunderbird was not able to restore
      opened message tabs when the message was in a folder with
      non-ASCII characters in its name
    * fixed: The "pill" indicator was incorrectly shown when
      sending a message to newsgroup
    * fixed: When printing from Calendar, after leaving the
      "Calendar" settings, there was no way to go back
    * fixed: Month pickers in the Calendar print UI lacked
      scrollbars when the content overflowed
    * fixed: Account Manager and Addons Manager were unreadable
      when using the Dark theme
  - Mozilla Thunderbird 91.3.1
    * changed: OpenPGP public keys will no longer count as an
      attachment in the message list
    * changed: Adding a search engine via URL now supported
    * changed: FileLink messages' template updated; Thunderbird
      advertisement removed
    * changed: After an update, Thunderbird will now check
      installed addons for updates
    * fixed: New mail popups were displayed while running full
      screen applications
    * fixed: Messages received with non-standard "koi8r" encoding
      were not supported
    * fixed: Various macOS stability improvements
    * fixed: PDF attachments opened in Firefox while composing an
      email
    * fixed: Addons were disabled when "Offline Settings" were set
      to "Ask me for online state (on startup)"
    * fixed: Clicking '"addons://" links in the Addons Manager
      prompted for an application to open it, rather than opening
      internally
    * fixed: The Contacts sidebar "Address Book" drop down was
      unreadable on Windows
    * fixed: vCard attachments were not shown when using "inline"
      view for attachments
    * fixed: Importing an ICS file with TODO items failed
* Fri Nov 05 2021 martin.sirringhaus@suse.com
  - Mozilla Thunderbird 91.3
    * fixed: Default mail headers were set incorrectly when the
      value contained a colon (:)
    * fixed: Thunderbird did not send the QUIT command when closing
      an SMTP connection
    * fixed: Mail tabs could not be closed using the context menu
    * fixed: "Print" context menu was still shown when no message
      pane was displayed
    * fixed: Windows tray icon did not reappear after restarting
      Windows Explorer
    * fixed: Compose window attachment drag and drop fixes
    * fixed: Various macOS stability improvements
    * fixed: Drag and Drop area for file attachments on Windows was
      incorrect
    * fixed: CardDAV address books without a name did not work
    * fixed: Thunderbird tried to refresh disabled and manual-only
      calendars when the network state changed from offline to
      online
    * fixed: Various Calendar event dialog fixes
    * fixed: Various security fixes
    MFSA 2021-50 (bsc#1192250)
    * CVE-2021-38503 (bmo#1729517)
      iframe sandbox rules did not apply to XSLT stylesheets
    * CVE-2021-38504 (bmo#1730156)
      Use-after-free in file picker dialog
    * CVE-2021-38505 (bmo#1730194)
      Windows 10 Cloud Clipboard may have recorded sensitive user
      data
    * CVE-2021-38506 (bmo#1730750)
      Thunderbird could be coaxed into going into fullscreen mode
      without notification or warning
    * CVE-2021-38507 (bmo#1730935)
      Opportunistic Encryption in HTTP2 could be used to bypass the
      Same-Origin-Policy on services hosted on other ports
    * MOZ-2021-0008 (bmo#1667102)
      Use-after-free in HTTP2 Session object
    * CVE-2021-38508 (bmo#1366818)
      Permission Prompt could be overlaid, resulting in user
      confusion and potential spoofing
    * CVE-2021-38509 (bmo#1718571)
      Javascript alert box could have been spoofed onto an
      arbitrary domain
    * CVE-2021-38510 (bmo#1731779)
      Download Protections were bypassed by .inetloc files on Mac
      OS
    * MOZ-2021-0007 (bmo#1606864, bmo#1712671, bmo#1730048,
      bmo#1735152)
      Memory safety bugs fixed in Thunderbird ESR 91.3
  - Drop unused pkgconfig(gdk-x11-2.0) BuildRequires
  - Drop mozilla-neqo-fix-fips-crash.patch which is now upstream
  - add mozilla-bmo1724679.patch (bmo#1724679, boo#1182863)
    fix some env variables which are enabled for any value
* Wed Oct 13 2021 martin.sirringhaus@suse.com
  - Mozilla Thunderbird 91.2
    * changed: Saving a single message as .eml now uses a unique
      filename
    * fixed: New mail notifications did not properly take
      subfolders into account
    * fixed: Decrypting binary attachments when using an external
      GnuPG configuration failed
    * fixed: Account name fields in the account manager were not
      big enough for long names
    * fixed: LDAP searches using an extensibleMatch filter returned
      no results
    * fixed: Read-only CalDAV calendars and CardDAV address books
      were not detected
    * fixed: Multipart messages containing a calendar invite did
      not display any of the human-readable alternatives
    * fixed: Some calendar days were displayed incorrectly or
      duplicated (eg. two "29th" days of a particular month)
    * fixed: Phantom event was shown at the end of each day in
      Calendar week view
    * fixed: Various security fixes
    MFSA 2021-47 (bsc#1191332)
    * CVE-2021-38502 (bmo#1733366)
      Downgrade attack on SMTP STARTTLS connections
    * CVE-2021-38496 (bmo#1725335)
      Use-after-free in MessageTask
    * CVE-2021-38497 (bmo#1726621)
      Validation message could have been overlaid on another origin
    * CVE-2021-38498 (bmo#1729642)
      Use-after-free of nsLanguageAtomService object
    * CVE-2021-32810 (bmo#1729813,
      bmo#https://github.com/crossbeam-
      rs/crossbeam/security/advisories/GHSA-pqqp-xmhj-wgcw)
      Data race in crossbeam-deque
    * CVE-2021-38500 (bmo#1725854, bmo#1728321)
      Memory safety bugs fixed in Thunderbird 91.2
    * CVE-2021-38501 (bmo#1685354, bmo#1715755, bmo#1723176)
      Memory safety bugs fixed in Thunderbird 91.2
* Wed Oct 06 2021 martin.sirringhaus@suse.com
  - Mozilla Thunderbird 91.1.2
    * Thunderbird will now warn if an S/MIME encrypted message includes
      BCC recipients
    * fixed: Message Security popup did not display all recipients
      due a missing scrollbar
    * fixed: Delivery Status Notifications were only shown for the
      first recipient
    * fixed: Composing a message from a template with attachments
      failed due to a temporary file being removed
    * fixed: Attachment sizes were no longer included on printed
      emails
    * fixed: A message sent with multiple attachments sometimes
      only sent one
    * fixed: Thunderbird sometimes attached the wrong messages when
      forwarding multiple messages by attachment
    * fixed: Thunderbird did not re-prompt for an SMTP username if
      one was not provided
    * fixed: Messages with BCC recipients that were held in the
      Outbox did not retain the BCC header when moved to the Sent
      folder
    * fixed: Thunderbird displayed reminders for events that were
      cancelled or declined
    * fixed: New Feed Account dialog did not honor dark mode
  - Mozilla Thunderbird 91.1.1
    * Menu item for disabling subject encryption for a single message added
    * Printing messages that are not currently displayed is no longer
      supported, including printing multiple messages at once
    * fixed: Buttons on compose window dialogs did not have a
      visual indication of focus
    * fixed: Dropdown fields in message compose window were
      unreadable on Windows 7 with a dark theme
    * fixed: Multiple bulk mail notification warnings were
      displayed
    * fixed: Enabled/Disabled state of message filters did not
      persist as expected
    * fixed: Printing a message did not print a list of its
      attachments
    * fixed: Images attached from a web page were not sent as
      expected
    * fixed: OpenPGP public key was attached multiple times when
      forwading a message
    * fixed: Windows tray icon disappeared if Thunderbird was
      started by a shortcut with "Run" set to "Minimized"
    * fixed: Windows tray message count badge displayed the
      "unread" count instead of the "new" message count
    * fixed: Some downstream Thunderbird builds were incorrectly
      checking addons for a signature, causing all addons to be
      disabled
    * fixed: Addressbooks set up with autoconfig showed no search
      results
    * fixed: Various CardDAV setup and auto-detection fixes
    * fixed: Dates (such as birthday) stored in contacts may
      display the wrong date; a one-time manual fix may be needed
      for dates that are incorrect.
    * fixed: Attached VCards displayed as plain text when an email
      was HTML formatted
    * fixed: Mailing list names with non-ASCII characters
      incorrectly displayed with an error
    * fixed: LDAP directories were not searched for matches when
      adding recipients to an email
    * fixed: Clicking "Connect to an LDAP address book" in account
      setup opened CardDAV setup dialog
    * fixed: LDAP address books using Kerberos/GSS-API
      authentication did not authenticate
    * fixed: LDAP search queries containing non-ASCII characters
      produced no results
    * fixed: IRC server connections did not automatically retry
      after a timeout
    * fixed: Calendar event editor did not honor
      `mail.spellcheck.inline`
  - MOZ_ENABLE_WAYLAND env variable now overrides automatic detection
    if already set before startup
  - Mozilla Thunderbird 91.1.0
    * Thunderbird registered Accessibility Handlers using same GUIDs
      as Firefox, causing performance issues for NVDA users
    * Focus lost when reordering accounts by keyboard in the Account Manager
    * Account setup did not use provider display name for setting up
      calendars
    * Various theme and UX fixes
    MFSA 2021-41 (bsc#1190269)
    * CVE-2021-38492 (bmo#1721107)
      Navigating to `mk:` URL scheme could load Internet Explorer
    * CVE-2021-38495 (bmo#1723391, bmo#1723920, bmo#1724101,
      bmo#1724107)
      Memory safety bugs fixed in Thunderbird 91.1
  - add mozilla-bmo531915.patch to fix build for i586
  - Remove obsolete patch mozilla-disable-wasm-emulate-arm-unaligned-fp-access.patch
* Fri Sep 03 2021 martin.sirringhaus@suse.com
  - Mozilla Thunderbird 91.0.3:
    * fixed: Folder icons could be overridden by linked favicons in
      HTML messages
    * fixed: Unified folders showed no messages when underlying
      folders were removed
    * fixed: Folder pane toolbar did not always persist after
      restarting Thunderbird
    * fixed: Compose window attachment pane did not close when
      disabling signing of an OpenPGP message
    * fixed: Using "Reply to List" with some list emails
      incorrectly opened a "no-reply" warning
    * fixed: Account setup UX issues with Exchange autodiscover
    * fixed: Account settings did not display non-UTF-8 server
      descriptions correctly
    * fixed: Thunderbird sometimes sent an unnecessary "SMTPUTF8",
      causing some servers to reject mail
    * fixed: No mouseover pop was displayed with event details for
      non-all-day events in the Today Pane
    * fixed: Filtering tasks in the Today Pane did not work
    * fixed: Email based event scheduling displayed the date and
      time in a format unreadable by humans
  - Mozilla Thunderbird 91.0.2:
    * new: Tags are now colored in mail filter editor
    * changed: Context menu items related to OpenPGP and
      attachments are now hidden when not applicable
    * fixed: Creating a new account with manual setup failed
    * fixed: Recipient autocomplete always preferred the primary
      email address for a contact
    * fixed: LDAP performance improvements
    * fixed: Extensions listed on the Recommended Addons did not
      have a clear way to view details in a browser
    * fixed: Status checkmark on View > Calendar > Calendar Pane >
      Show Calendar Pane was reversed
    * fixed: mid: URLs in calendar invites did not open the linked
      mail message
    * fixed: Various theme and UX fixes
  - Mozilla Thunderbird 91.0.1
    MFSA 2021-37 (bsc#1189547)
    * CVE-2021-29991 (bmo#1724896)
      Header Splitting possible with HTTP/3 Responses
  - appdate screenshot URL updated (by mailaender@opensuse.org)
  - Mozilla Thunderbird 91.0
    * based on Mozilla's 91 ESR codebase
    * many new and changed features
      https://www.thunderbird.net/en-US/thunderbird/91.0/releasenotes/#whatsnew
    * Renamed "Add-ons" to "Add-ons and Themes" and "Options" to "Preferences"
    * Thunderbird now operates in multi-process (e10s) mode by default
    * New user interface for adding attachments
    * Enable redirect of messages
    * CardDAV address book support
  - Removed obsolete patches:
    * mozilla-bmo1463035.patch
    * mozilla-ppc-altivec_static_inline.patch
    * mozilla-pipewire-0-3.patch
    * mozilla-bmo1554971.patch
  - add mozilla-libavcodec58_91.patch
  - removed obsolete BigEndian ICU build workaround
  - updated build requirements
  - Readd mozilla-silence-no-return-type.patch
* Thu Aug 12 2021 martin.sirringhaus@suse.com
  - Mozilla Thunderbird 78.13
    * changed: WeTransfer FileLink provider removed
    * changed: The fix for bmo#1707360, from Thunderbird 78.12.0,
      was removed for causing regressions
    * fixed: OpenPGP: Homebrew's GPG Smartcard libraries not found
      on M1 Macs
    * fixed: Various security fixes
    MFSA 2021-35 (bsc#1188891)
    * CVE-2021-29986 (bmo#1696138)
      Race condition when resolving DNS names could have led to
      memory corruption
    * CVE-2021-29988 (bmo#1717922)
      Memory corruption as a result of incorrect style treatment
    * CVE-2021-29984 (bmo#1720031)
      Incorrect instruction reordering during JIT optimization
    * CVE-2021-29980 (bmo#1722204)
      Uninitialized memory in a canvas object could have led to
      memory corruption
    * CVE-2021-29985 (bmo#1722083)
      Use-after-free media channels
    * CVE-2021-29989 (bmo#1662676, bmo#1666184, bmo#1719178,
      bmo#1719998, bmo#1720568)
      Memory safety bugs fixed in Thunderbird 78.13
* Thu Jul 15 2021 martin.sirringhaus@suse.com
  - Mozilla Thunderbird 78.12
    * fixed: Sending an email containing HTML links with spaces in
      the URL sometimes resulted in broken links
    * fixed: Folder Pane display theme fixes for macOS
    * fixed: Chat account settings did not always save as expected
    * fixed: RSS feed subscriptions sometimes lost
    * fixed: Calendar: A parsing error for alarm triggers of type
      "DURATION" caused sync problems for some users
    * fixed: Various security fixes
    MFSA 2021-30 (bsc#1188275)
    * CVE-2021-29969 (bmo#1682370)
      IMAP server responses sent by a MITM prior to STARTTLS could
      be processed
    * CVE-2021-29970 (bmo#1709976)
      Use-after-free in accessibility features of a document
    * CVE-2021-30547 (bmo#1715766)
      Out of bounds write in ANGLE
    * CVE-2021-29976 (bmo#1700895, bmo#1703334, bmo#1706910,
      bmo#1711576, bmo#1714391)
      Memory safety bugs fixed in Thunderbird 78.12
* Tue Jun 08 2021 martin.sirringhaus@suse.com
  - Mozilla Thunderbird 78.11
    * fixed: OpenPGP could not be disabled for an account if a key
      was previously configured
    * fixed: Recipients were unable to decrypt some messages when
      the sender had changed the message encryption from OpenPGP to
      S/MIME
    * fixed: Contacts moved between CardDAV address books were not
      synced to the new server
    * fixed: CardDAV compatibility fixes for Google Contacts
    * fixed: Folder pane had no clear indication of focus on macOS
    * fixed: Windows theme improvements
    * fixed: Various security fixes
    MFSA 2021-26 (bsc#1186696)
    * CVE-2021-29964 (bmo#1706501)
      Out of bounds-read when parsing a `WM_COPYDATA` message
    * CVE-2021-29967 (bmo#1602862, bmo#1703191, bmo#1703760,
      bmo#1704722, bmo#1706041)
      Memory safety bugs fixed in Thunderbird 78.11
  - Added the new Mozilla's GPG key, expiring on 2023-05-17 to the
    mozilla.keyring file
* Tue May 18 2021 martin.sirringhaus@suse.com
  - Mozilla Thunderbird 78.10.2
    * new: Added support for importing OpenPGP keys without a
      primary secret key
    * new: Add-ons manager displays a preferences icon for mail
      extensions that include an options page
    * fixed: OpenPGP messages with a high compression ratio (over
      10x) could not be decrypted
    * fixed: Selected OpenPGP key was lost after opening the Key
      Properties dialog in Account Settings
    * fixed: Parsing some OpenPGP user IDs failed
    * fixed: Various improvements to OpenPGP partial encryption
      reminders
    * fixed: Troubleshooting information page did not display row
      labels on macOS
    * fixed: Mail toolbar buttons were too big when displaying both
      icons and text
    * fixed: Various security fixes
    MFSA 2021-22
    * CVE-2021-29957 (bmo#1673241, bsc#1186198)
      Partial protection of inline OpenPGP message not indicated
    * CVE-2021-29956 (bmo#1710290, bsc#1186199)
      Thunderbird stored OpenPGP secret keys without master
      password protection
  - Mozilla Thunderbird 78.10.1
    MFSA 2021-19
    * CVE-2021-29951 (bmo#1690062, bsc#1185633)
      Thunderbird Maintenance Service could have been started or
      stopped by domain users
* Wed May 05 2021 martin.sirringhaus@suse.com
  - Mozilla Thunderbird 78.8.1
    * changed: Removed the fix for bug 1689804 introduced in
      Thunderbird 78.9.0, restoring the previous behavior
    * fixed: Various security fixes
    MFSA 2021-17 (bsc#1185633)
    * CVE-2021-29950 (bmo#1673239)
      Logic issue potentially leaves key material unlocked
* Tue Apr 20 2021 martin.sirringhaus@suse.com
  - Mozilla Thunderbird 78.10
    * fixed: Usability & theme improvements on Windows
    * fixed: Various security fixes
    MFSA 2021-14 (bsc#1184960)
    * CVE-2021-23994 (bmo#1699077)
      Out of bound write due to lazy initialization
    * CVE-2021-23995 (bmo#1699835)
      Use-after-free in Responsive Design Mode
    * CVE-2021-23998 (bmo#1667456)
      Secure Lock icon could have been spoofed
    * CVE-2021-23961 (bmo#1677940)
      More internal network hosts could have been probed by a
      malicious webpage
    * CVE-2021-23999 (bmo#1691153)
      Blob URLs may have been granted additional privileges
    * CVE-2021-24002 (bmo#1702374)
      Arbitrary FTP command execution on FTP servers using an
      encoded URL
    * CVE-2021-29945 (bmo#1700690)
      Incorrect size computation in WebAssembly JIT could lead to
      null-reads
    * CVE-2021-29946 (bmo#1698503)
      Port blocking could be bypassed
    * CVE-2021-29948 (bmo#1692899)
      Race condition when reading from disk while verifying
      signatures
* Fri Apr 09 2021 martin.sirringhaus@suse.com
  - Mozilla Thunderbird 78.9.1
    * new: Support recipient aliases for OpenPGP encryption.
      Documentation can be found https://wiki.mozilla.org/
      Thunderbird:OpenPGP:Aliases.
    * fixed: The key and signature parts of the message security
      popup on a received message could not be selected for
      copy/paste.
    * fixed: Various UX and theme improvements
    MFSA 2021-13 (bsc#1184536)
    * CVE-2021-23991 (bmo#1673240)
      An attacker may use Thunderbird's OpenPGP key refresh
      mechanism to poison an existing key
    * MOZ-2021-23992 (bmo#1666236)
      A crafted OpenPGP key with an invalid user ID could be used
      to confuse the user
    * CVE-2021-23993 (bmo#1666360)
      Inability to send encrypted OpenPGP email after importing a
      crafted OpenPGP key
* Fri Mar 26 2021 martin.sirringhaus@suse.com
  - Mozilla Thunderbird 78.9
    * fixed: New mail notification displayed old messages that were
      unread
    * fixed: Spaces following soft line breaks in messages using
      quoted-printable and format=flowed were incorrectly encoded;
      existing messages which were previously incorrectly encoded
      may now display with some words not separated by a space
    * fixed: Some fields were unreadable in the Dark theme in the
      General preferences panel
    * fixed: Sending a message containing an anchor tag with an
      invalid data URI failed
    * fixed: When switching tabs, input focus was not moved to the
      new tab
    * fixed: Address Book: Syncing a read-only Google address book
      via CardDAV failed
    * fixed: Address Book: Importing VCards with non-ascii
      characters would fail
    * fixed: Address Book: Some values may not have been parsed
      when syncing from Google address books.
    * fixed: Add-ons Manager did not show if an addon used
      experiment APIs
    * fixed: Calendar: Removing a recurring task was not possible
    * fixed: Various security fixes
    MFSA 2021-12 (bsc#1183942)
    * CVE-2021-23981 (bmo#1692832)
      Texture upload into an unbound backing buffer resulted in an
      out-of-bound read
    * MOZ-2021-0002 (bmo#1691547)
      Angle graphics library out of date
    * CVE-2021-23982 (bmo#1677046)
      Internal network hosts could have been probed by a malicious
      webpage
    * CVE-2021-23984 (bmo#1693664)
      Malicious extensions could have spoofed popup information
    * CVE-2021-23987 (bmo#1513519, bmo#1683439, bmo#1690169,
      bmo#1690718)
      Memory safety bugs fixed in Thunderbird 78.9
  - cleaned up and fixed mozilla.sh.in for wayland (boo#1177542)
* Wed Feb 24 2021 martin.sirringhaus@suse.com
  - Mozilla Thunderbird 78.8
    * fixed: Importing an address book from a CSV file always
      reported an error (bmo#1685048)
    * fixed: Security information for S/MIME messages was not
      displayed correctly prior to a draft being saved
      (bmo#1683701)
    * fixed: Calendar: FileLink UI fixes for Caldav calendars
      (bmo#1669803)
    * fixed: Recurring tasks were always marked incomplete; unable
      to use filters (bmo#1686466)
    * fixed: Various UI widgets not working (bmo#1690098)
    * fixed: Dark theme improvements (bmo#1691106)
    * fixed: Extension manager was missing link to addon support
      web page (bmo#1642219)
    * fixed: Various security fixes
    MFSA 2021-09 (bsc#1182614)
    * CVE-2021-23969 (bmo#1542194)
      Content Security Policy violation report could have contained
      the destination of a redirect
    * CVE-2021-23968 (bmo#1687342)
      Content Security Policy violation report could have contained
      the destination of a redirect
    * CVE-2021-23973 (bmo#1690976)
      MediaError message property could have leaked information
      about cross-origin resources
    * CVE-2021-23978 (bmo#1682928, bmo#1687391, bmo#1687597,
      bmo#786797)
      Memory safety bugs fixed in Thunderbird 78.8
  - Update create-tar.sh to use https instead of http (bsc#1182357)
* Mon Feb 08 2021 martin.sirringhaus@suse.com
  - Mozilla Thunderbird 78.7.1 (bsc#1181848)
    * changed: Building OpenPGP shared library linked to system
      libraries now supported (bmo#1634963)
    * changed: MailExtension errors now shown in Developer Tools
      console by default (bmo#1650149)
    * changed: MailExtensions: Dynamic registration of calendar
      providers now supported (bmo#1652885)
    * fixed: OpenPGP improvements (bmo#1655210)
    * fixed: Message preview was sometimes blank after upgrading
      from Thunderbird 68 (bmo#1653168)
    * fixed: Email addresses whitelisted for remote content not
      displayed in preferences (bmo#1652575)
    * fixed: Importing data from Seamonkey did not work
      (bmo#272292)
    * fixed: Renaming a mail list did not update the side bar
      (bmo#1632331)
    * fixed: MailExtensions: messenger.* namespace was undefined
      (bmo#1641573)
* Wed Jan 27 2021 martin.sirringhaus@suse.com
  - Mozilla Thunderbird 78.7
    * changed: MailExtensions: browserAction, composeAction, and
      messageDisplayAction toolbar buttons now support label and
      default_label properties (bmo#1583478)
    * fixed: Running a quicksearch that returned no results did not
      offer to re-run as a global search (bmo#1663153)
    * fixed: Message search toolbar fixes (bmo#1681010)
    * fixed: Very long subject lines distorted the message compose
      and display windows, making them unusable (bmo#77806)
    * fixed: Compose window: Recipient addresses that had not yet
      been autocompleted were lost when clicking Send button
      (bmo#1674054)
    * fixed: Compose window: New message is no longer marked as
      "changed" just from tabbing out of the recipient field
      without editing anything (bmo#1681389)
    * fixed: Account autodiscover fixes when using MS Exchange
      servers (bmo#1679759)
    * fixed: LDAP address book stability fix (bmo#1680914)
    * fixed: Messages with invalid vcard attachments were not
      marked as read when viewed in the preview window
      (bmo#1680468)
    * fixed: Chat: Could not add TLS certificate exceptions for
      XMPP connections (bmo#1590471)
    * fixed: Calendar: System timezone was not always properly
      detected (bmo#1678839)
    * fixed: Calendar: Descriptions were sometimes blank when
      editing a single occurrence of a repeating event
      (bmo#1664731)
    * fixed: Various printing bugfixes (bmo#1676166)
    * fixed: Visual consistency and theme improvements
      (bmo#1682808)
    * fixed: Various security fixes
    MFSA 2021-05 (bsc#1181414)
    * CVE-2021-23953 (bmo#1683940)
      Cross-origin information leakage via redirected PDF requests
    * CVE-2021-23954 (bmo#1684020)
      Type confusion when using logical assignment operators in
      JavaScript switch statements
    * CVE-2020-15685 (bmo#1622640)
      IMAP Response Injection when using STARTTLS
    * CVE-2020-26976 (bmo#1674343)
      HTTPS pages could have been intercepted by a registered
      service worker when they should not have been
    * CVE-2021-23960 (bmo#1675755)
      Use-after-poison for incorrectly redeclared JavaScript
      variables during GC
    * CVE-2021-23964 (bmo#1662507, bmo#1666285, bmo#1673526,
      bmo#1674278, bmo#1674835, bmo#1675097, bmo#1675844,
      bmo#1675868, bmo#1677590, bmo#1677888, bmo#1680410,
      bmo#1681268, bmo#1682068, bmo#1682938, bmo#1683736,
      bmo#1685260, bmo#1685925)
      Memory safety bugs fixed in Thunderbird 78.7
* Tue Jan 12 2021 martin.sirringhaus@suse.com
  - Mozilla Thunderbird 78.6.1
    * changed: MailExtensions: browserAction, composeAction, and
      messageDisplayAction toolbar buttons now support label and
      default_label properties (bmo#1583478)
    * fixed: Running a quicksearch that returned no results did not
      offer to re-run as a global search (bmo#1663153)
    * fixed: Message search toolbar fixes (bmo#1681010)
    * fixed: Very long subject lines distorted the message compose
      and display windows, making them unusable (bmo#77806)
    * fixed: Compose window: Recipient addresses that had not yet
      been autocompleted were lost when clicking Send button
      (bmo#1674054)
    * fixed: Compose window: New message is no longer marked as
      "changed" just from tabbing out of the recipient field
      without editing anything (bmo#1681389)
    * fixed: Account autodiscover fixes when using MS Exchange
      servers (bmo#1679759)
    * fixed: LDAP address book stability fix (bmo#1680914)
    * fixed: Messages with invalid vcard attachments were not
      marked as read when viewed in the preview window
      (bmo#1680468)
    * fixed: Chat: Could not add TLS certificate exceptions for
      XMPP connections (bmo#1590471)
    * fixed: Calendar: System timezone was not always properly
      detected (bmo#1678839)
    * fixed: Calendar: Descriptions were sometimes blank when
      editing a single occurrence of a repeating event
      (bmo#1664731)
    * fixed: Various printing bugfixes (bmo#1676166)
    * fixed: Visual consistency and theme improvements
      (bmo#1682808)
    MFSA 2021-02 (bsc#1180623)
    * CVE-2020-16044 (bmo#1683964)
      Use-after-free write when handling a malicious COOKIE-ECHO
      SCTP chunk
* Tue Dec 15 2020 martin.sirringhaus@suse.com
  - Mozilla Thunderbird 78.6
    * new: MailExtensions: Added
      browser.windows.openDefaultBrowser() (bmo#1664708)
    * changed: Thunderbird now only shows quota exceeded
      indications on the main window (bmo#1671748)
    * changed: MailExtensions: menus API enabled in messages being
      composed (bmo#1670832)
    * changed: MailExtensions: Honor allowScriptsToClose argument
      in windows.create API function (bmo#1675940)
    * changed: MailExtensions: APIs that returned an accountId will
      reflect the account the message belongs to, not what is
      stored in message headers (bmo#1644032)
    * fixed: Keyboard shortcut for toggling message "read" status
      not shown in menus (bmo#1619248)
    * fixed: OpenPGP: After importing a secret key, Key Manager
      displayed properties of the wrong key (bmo#1667054)
    * fixed: OpenPGP: Inline PGP parsing improvements (bmo#1660041)
    * fixed: OpenPGP: Discovering keys online via Key Manager
      sometimes failed on Linux (bmo#1634053)
    * fixed: OpenPGP: Encrypted attachment "Decrypt and Open/Save
      As" did not work (bmo#1663169)
    * fixed: OpenPGP: Importing keys failed on macOS (bmo#1680757)
    * fixed: OpenPGP: Verification of clear signed UTF-8 text
      failed (bmo#1679756)
    * fixed: Address book: Some columns incorrectly displayed no
      data (bmo#1631201)
    * fixed: Address book: The address book view did not update
      after changing the name format in the menu (bmo#1678555)
    * fixed: Calendar: Could not import an ICS file into a CalDAV
      calendar (bmo#1652984)
    * fixed: Calendar: Two "Home" calendars were visible on a new
      profile (bmo#1656782)
    * fixed: Calendar: Dark theme was incomplete on Linux
      (bmo#1655543)
    * fixed: Dark theme did not apply to new mail notification
      popups (bmo#1681083)
    * fixed: Folder icon, message list, and contact side bar visual
      improvements (bmo#1679436)
    * fixed: MailExtensions: HTTP refresh in browser content tabs
      did not work (bmo#1667774)
    * fixed: MailExtensions: messageDisplayScripts failed to run in
      main window (bmo#1674932)
    * fixed: Various security fixes
    MFSA 2020-56 (bsc#1180039)
    * CVE-2020-16042 (bmo#1679003)
      Operations on a BigInt could have caused uninitialized memory
      to be exposed
    * CVE-2020-26971 (bmo#1663466)
      Heap buffer overflow in WebGL
    * CVE-2020-26973 (bmo#1680084)
      CSS Sanitizer performed incorrect sanitization
    * CVE-2020-26974 (bmo#1681022)
      Incorrect cast of StyleGenericFlexBasis resulted in a heap
      use-after-free
    * CVE-2020-26978 (bmo#1677047)
      Internal network hosts could have been probed by a malicious
      webpage
    * CVE-2020-35111 (bmo#1657916)
      The proxy.onRequest API did not catch view-source URLs
    * CVE-2020-35112 (bmo#1661365)
      Opening an extension-less download may have inadvertently
      launched an executable instead
    * CVE-2020-35113 (bmo#1664831, bmo#1673589)
      Memory safety bugs fixed in Thunderbird 78.6
* Wed Dec 02 2020 martin.sirringhaus@suse.com
  - Mozilla Thunderbird 78.5.1
    * new: OpenPGP: Added option to disable email subject
      encryption (bmo#1666073)
    * changed: OpenPGP public key import now supports multi-file
      selection and bulk accepting imported keys (bmo#1665145)
    * changed: MailExtensions: getComposeDetails will wait for
      "compose-editor-ready" event (bmo#1675012)
    * fixed: New mail icon was not removed from the system tray at
      shutdown (bmo#1664586)
    * fixed: "Place replies in the folder of the message being
      replied to" did not work when using "Reply to List"
      (bmo#522450)
    * fixed: Thunderbird did not honor the "Run search on server"
      option when searching messages (bmo#546925)
    * fixed: Highlight color for folders with unread messages
      wasn't visible in dark theme (bmo#1676697)
    * fixed: OpenPGP: Key were missing from Key Manager
      (bmo#1674521)
    * fixed: OpenPGP: Option to import keys from clipboard always
      disabled (bmo#1676842)
    * fixed: The "Link" button on the large attachments info bar
      failed to open up Filelink section in Options if the user had
      not yet configured Filelink (bmo#1677647)
    * fixed: Address book: Printing members of a mailing list
      resulted in incorrect output (bmo#1676859)
    * fixed: Unable to connect to LDAP servers configured with a
      self-signed SSL certificate (bmo#1659947)
    * fixed: Autoconfig via LDAP did not work as expected
      (bmo#1662433)
    * fixed: Calendar: Pressing Ctrl-Enter in the new event dialog
      would create duplicate events (bmo#1668478)
    * fixed: Various security fixes
    MFSA 2020-53 (bsc#1179530)
    * CVE-2020-26970 (bmo#1677338)
      Stack overflow due to incorrect parsing of SMTP server
      response codes
* Thu Nov 19 2020 martin.sirringhaus@suse.com
  - Mozilla Thunderbird 78.5.0
    * new: OpenPGP: Added option to disable attaching the public
      key to a signed message (bmo#1654950)
    * new: MailExtensions: "compose_attachments" context added to
      Menus API (bmo#1670822)
    * new: MailExtensions: Menus API now available on displayed
      messages (bmo#1670825)
    * changed: MailExtensions: browser.tabs.create will now wait
      for "mail-delayed-startup-finished" event (bmo#1674407)
    * fixed: OpenPGP: Support for inline PGP messages improved
      (bmo#1672851)
    * fixed: OpenPGP: Message security dialog showed unverified
      keys as unavailable (bmo#1675285)
    * fixed: Chat: New chat contact menu item did not function
      (bmo#1663321)
    * fixed: Various theme and usability improvements (bmo#1673861)
    * fixed: Various security fixes
    MFSA 2020-52 (bsc#1178894)
    * CVE-2020-26951 (bmo#1667113)
      Parsing mismatches could confuse and bypass security
      sanitizer for chrome privileged code
    * CVE-2020-16012 (bmo#1642028)
      Variable time processing of cross-origin images during
      drawImage calls
    * CVE-2020-26953 (bmo#1656741)
      Fullscreen could be enabled without displaying the security UI
    * CVE-2020-26956 (bmo#1666300)
      XSS through paste (manual and clipboard API)
    * CVE-2020-26958 (bmo#1669355)
      Requests intercepted through ServiceWorkers lacked MIME type
      restrictions
    * CVE-2020-26959 (bmo#1669466)
      Use-after-free in WebRequestService
    * CVE-2020-26960 (bmo#1670358)
      Potential use-after-free in uses of nsTArray
    * CVE-2020-15999 (bmo#1672223)
      Heap buffer overflow in freetype
    * CVE-2020-26961 (bmo#1672528)
      DoH did not filter IPv4 mapped IP Addresses
    * CVE-2020-26965 (bmo#1661617)
      Software keyboards may have remembered typed passwords
    * CVE-2020-26966 (bmo#1663571)
      Single-word search queries were also broadcast to local
      network
    * CVE-2020-26968 (bmo#1551615, bmo#1607762, bmo#1656697,
      bmo#1657739, bmo#1660236, bmo#1667912, bmo#1671479,
      bmo#1671923)
      Memory safety bugs fixed in Thunderbird 78.5
* Mon Nov 16 2020 martin.sirringhaus@suse.com
  - Mozilla Thunderbird 78.4.3
    * fixed: User interface was inconsistent when switching from
      the default theme to the dark theme and back to the default
      theme (bmo#1659282)
    * fixed: Email subject would disappear when hovering over it
      with the mouse when using Windows 7 Classic theme
      (bmo#1675970)
* Tue Nov 10 2020 martin.sirringhaus@suse.com
  - Mozilla Thunderbird 78.4.2
    MFSA 2020-49 (bsc#1178611)
    * CVE-2020-26950 (bmo#1675905)
      Write side effects in MCallGetProperty opcode not accounted
      for
  - Mozilla Thunderbird 78.4.1
    * new: Thunderbird prompts for an address to use when starting
      an email from an address book entry with multiple addresses
      (bmo#84028)
    * fixed: Searching global search results did not work
      (bmo#1664761)
    * fixed: Link location was not focused by default when adding a
      hyperlink in message composer (bmo#1670660)
    * fixed: Advanced address book search dialog was unusable
      (bmo#1668147)
    * fixed: Encrypted draft reply emails lost "Re:" prefix
      (bmo#1661510)
    * fixed: Replying to a newsgroup message did not open the
      compose window (bmo#1672667)
    * fixed: Unable to delete multiple newsgroup messages
      (bmo#1657988)
    * fixed: Appmenu displayed visual glitches (bmo#1636243)
    * fixed: Visual glitches when selecting multiple messages in
      the message pane and using Ctrl+click (bmo#1671800)
    * fixed: Switching between dark and light mode could lead to
      unreadable text on macOS (bmo#1668989)
* Thu Oct 22 2020 martin.sirringhaus@suse.com
  - Mozilla Thunderbird 78.4
    * new: MailExtensions: browser.tabs.sendMessage API added
      (bmo#1641576)
    * new: MailExtensions: messageDisplayScripts API added
      (bmo#1504475)
    * changed: Yahoo and AOL mail users using password
      authentication will be migrated to OAuth2 (bmo#1606339)
    * changed: MailExtensions: messageDisplay APIs extended to
      support multiple selected messages (bmo#1617461)
    * changed: MailExtensions: compose.begin functions now support
      creating a message with attachments (bmo#1662018)
    * fixed: Thunderbird could freeze when updating global search
      index (bmo#1669872)
    * fixed: Multiple issues with handling of self-signed SSL
      certificates addressed (bmo#1590474)
    * fixed: Recipient address fields in compose window could
      expand to fill all available space (bmo#1666463)
    * fixed: Inserting emoji characters in message compose window
      caused unexpected behavior (bmo#1638874)
    * fixed: Button to restore default folder icon color was not
      keyboard accessible (bmo#1663075)
    * fixed: Various keyboard navigation fixes (bmo#1667567)
    * fixed: Various color-related theme fixes (bmo#1668410)
    * fixed: MailExtensions: Updating attachments with
      onBeforeSend.addListener() did not work (bmo#1662015)
    MFSA 2020-47 (bsc#1177977)
    * CVE-2020-15969 (bmo#1666570, https://github.com/sctplab/
      usrsctp/commit/ffed0925f27d404173c1e3e750d818f432d2c019)
      Use-after-free in usersctp
    * CVE-2020-15683 (bmo#1576843, bmo#1656987, bmo#1660954,
      bmo#1662760, bmo#1663439, bmo#1666140)
      Memory safety bugs fixed in Thunderbird 78.4
* Mon Oct 19 2020 martin.sirringhaus@suse.com
  - Mozilla Thunderbird 78.3.3
    * OpenPGP: Improved support for encrypting with subkeys
      (bmo#1665497)
    * OpenPGP message status icons were not visible in
      message header pane (bmo#1670067)
    * OpenPGP Key Manager was missing from Tools menu on
      macOS (bmo#1662279)
    * Creating a new calendar event did not require an event
      title (bmo#1663303)
* Wed Oct 14 2020 martin.sirringhaus@suse.com
  - Mozilla Thunderbird 78.3.2 (bsc#1176899)
    * OpenPGP: Improved support for encrypting with subkeys
    * OpenPGP: Encrypted messages with international characters were
      sometimes displayed incorrectly
    * Single-click deletion of recipient pills with middle mouse
      button restored
    * Searching an address book list did not display results
    * Dark mode, high contrast, and Windows theming fixes
  - Mozilla Thunderbird 78.3.1
    * fix crash in nsImapProtocol::CreateNewLineFromSocket (bmo#1667120)
  - Mozilla Thunderbird 78.3.0
    MFSA 2020-44 (bsc#1176756)
    * CVE-2020-15677 (bmo#1641487)
      Download origin spoofing via redirect
    * CVE-2020-15676 (bmo#1646140)
      XSS when pasting attacker-controlled data into a
      contenteditable element
    * CVE-2020-15678 (bmo#1660211)
      When recursing through layers while scrolling, an iterator
      may have become invalid, resulting in a potential use-after-
      free scenario
    * CVE-2020-15673 (bmo#1648493, bmo#1660800)
      Memory safety bugs fixed in Thunderbird 78.3
  - requires NSPR >= 4.25.1
  - removed obsolete thunderbird-bmo1664607.patch
  - Mozilla Thunderbird 78.2.2
    https://www.thunderbird.net/en-US/thunderbird/78.2.2/releasenotes
  - added thunderbird-bmo1664607.patch required for builds w/o updater
    (boo#1176384)
  - Mozilla Thunderbird 78.2.1 (bsc#1174230)
    * based on Mozilla's 78 ESR codebase
    * many new and changed features
      https://www.thunderbird.net/en-US/thunderbird/78.0/releasenotes/#whatsnew
    * built-in OpenPGP support (enigmail neither required nor supported)
  - added platform patches:
    * mozilla-s390x-skia-gradient.patch
    * mozilla-pipewire-0-3.patch
    * mozilla-bmo1512162.patch
    * mozilla-bmo1626236.patch
    * mozilla-bmo998749.patch
    * mozilla-sandbox-fips.patch
    * thunderbird-remove-python2.patch
  - removed obsolete platform patches
    * mozilla-s390-bigendian.patch
    * mozilla-nestegg-big-endian.patch
    * mozilla-openaes-decl.patch
    * mozilla-cubeb-noreturn.patch
* Mon Aug 31 2020 cgrobertson@suse.com
  - Mozilla Thunderbird 68.12
    * fixed: Various security vulnerabilities
    MFSA 2020-40 (bsc#1175686)
    * CVE-2020-15663 (bmo#1643199)
      Downgrade attack on the Mozilla Maintenance Service could
      have resulted in escalation of privilege
    * CVE-2020-15664 (bmo#1658214)
      Attacker-induced prompt for extension installation
    * CVE-2020-15669 (bmo#1656957)
      Use-After-Free when aborting an operation
* Fri Jul 31 2020 martin.sirringhaus@suse.com
  - Mozilla Thunderbird 68.11
    * fixed: FileLink attachments included as a link and file when
      added from a network drive via drag & drop (bmo#793118)
    * fixed: Various security fixes
    MFSA 2020-35 (bsc#1174538)
    * CVE-2020-15652 (bmo#1634872)
      Potential leak of redirect targets when loading scripts in a
      worker
    * CVE-2020-6514 (bmo#1642792)
      WebRTC data channel leaks internal address to peer
    * CVE-2020-6463 (bmo#1635293)
      Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture
    * CVE-2020-15659 (bmo#1550133, bmo#1633880, bmo#1646787,
      bmo#1650811)
      Memory safety bugs fixed in Thunderbird 68.11
* Fri Jul 03 2020 martin.sirringhaus@suse.com
  - Mozilla Thunderbird 68.10.0
    * fixed: Chat: Topics displayed some characters improperly
      (bmo#1644024)
    * fixed: Calendar: Filtering tasks did not work when
      "Incomplete Tasks" was selected (bmo#1593711)
    MFSA 2020-26 (bsc#1173576)
    * CVE-2020-12417 (bmo#1640737)
      Memory corruption due to missing sign-extension for ValueTags
      on ARM64
    * CVE-2020-12418 (bmo#1641303)
      Information disclosure due to manipulated URL object
    * CVE-2020-12419 (bmo#1643874)
      Use-after-free in nsGlobalWindowInner
    * CVE-2020-12420 (bmo#1643437)
      Use-After-Free when trying to connect to a STUN server
    * MFSA-2020-0001 (bmo#1606610)
      Automatic account setup leaks Microsoft Exchange login
      credentials
    * CVE-2020-12421 (bmo#1308251)
      Add-On updates did not respect the same certificate trust
      rules as software updates
* Thu Jun 04 2020 martin.sirringhaus@suse.com
  - Mozilla Thunderbird 68.9.0
    * fixed: Custom headers added for searching or filtering could
      not be removed (bmo#1631577)
    * fixed: Calendar: Today Pane updated prior to loading all data
      (bmo#1635613)
    * fixed: Stability improvements (bmo#1625677)
    * fixed: Various security fixes
    MFSA 2020-22 (bsc#1172402)
    * CVE-2020-12405 (bmo#1631618)
      Use-after-free in SharedWorkerService
    * CVE-2020-12406 (bmo#1639590)
      JavaScript Type confusion with NativeTypes
    * CVE-2020-12410 (bmo#1619305, bmo#1632717)
      Memory safety bugs fixed in Thunderbird 68.9.0
    * CVE-2020-12398 (bmo#1613623)
      Security downgrade with IMAP STARTTLS leads to information
      leakage
* Mon May 25 2020 martin.sirringhaus@suse.com
  - Mozilla Thunderbird 68.8.1
    * fixed: IMAP stability improvements (bmo#1586494)
    * fixed: HTML tags in IRC topic changes were rendered
      incorrectly (bmo#1607097)
    * fixed: MailExtensions: Websockets could not be used
      (bmo#1627649)
  - Use a symbolic icon from branding internals
* Wed May 06 2020 martin.sirringhaus@suse.com
  - Mozilla Thunderbird 68.8.0
    * fixed: Account Manager: text fields were too small in some
      cases (bmo#1616387)
    * fixed: Account Manager: Authentication method did not update
      when selecting an SMTP server (bmo#1631437)
    * fixed: Links with embedded credentials did not open on
      Windows (bmo#1609451)
    * fixed: Messages were sometimes sent with a badly formed
      address when filled from the address book (bmo#1629842)
    * fixed: Accessibility: Screen readers were reporting too many
      activities from the status bar (bmo#1628891)
    * fixed: MailExtensions: Setting IMAP messages as read with
      browser.messages.updated failed to persist (bmo#1631184)
    * fixed: Various security fixes
    MFSA 2020-18 (bsc#1171186)
    * CVE-2020-12397 (bmo#1617370)
      Sender Email Address Spoofing using encoded Unicode
      characters
    * CVE-2020-12387 (bmo#1545345)
      Use-after-free during worker shutdown
    * CVE-2020-6831 (bmo#1632241)
      Buffer overflow in SCTP chunk input validation
    * CVE-2020-12392 (bmo#1614468)
      Arbitrary local file access with 'Copy as cURL'
    * CVE-2020-12393 (bmo#1615471)
      Devtools' 'Copy as cURL' feature did not fully escape
      website-controlled data, potentially leading to command
      injection
    * CVE-2020-12395 (bmo#1595886, bmo#1611482, bmo#1614704,
      bmo#1624098, bmo#1625749, bmo#1626382, bmo#1628076,
      bmo#1631508)
      Memory safety bugs fixed in Thunderbird 68.8.0
* Tue Apr 14 2020 martin.sirringhaus@suse.com
  - Mozilla Thunderbird 68.7.0
    * new: MailExtensions: Raw message source available to
      MailExtensions (bmo#1525274)
    * changed: MailExtensions: messages.update function extended to
      mark messages as junk or not junk (bmo#1598332)
    * changed: MailExtensions: browser.compose.begin functions no
      longer expand mailing lists (bmo#1612480)
    * fixed: Various improvements to account setup when connecting
      to an Exchange server (bmo#1598861)
    * fixed: Thread collapsed when opening news message in a new
      window (bmo#1526765)
    * fixed: Addons not automatically updated to compatible version
      after upgrade from Thunderbird 60 (bmo#1574183)
    * fixed: Updating addons did not prompt when requesting new
      permissions (bmo#1620861)
    * fixed: Extra recipients panel not keyboard-accessible
      (bmo#1612717)
    * fixed: Accessibility: Status bar was not detected by
      screenreaders (bmo#1621287)
    * fixed: MailExtensions: messages.query by folder name did not
      require accountsRead permission (bmo#1625793)
    * fixed: Calendar: Invitations with embedded null bytes did not
      always decode correctly (bmo#1623896)
    * fixed: Calendar: Cancelled events didn't show with a line-
      through (bmo#1621210)
    * fixed: Various security fixes
    MFSA 2020-14 (bsc#1168874)
    In general, these flaws cannot be exploited through email in
    Thunderbird because scripting is disabled when reading mail, but
    are potentially risks in browser or browser-like contexts.
    * CVE-2020-6819 (bmo#1620818, bsc#1168630)
      Use-after-free while running the nsDocShell destructor
    * CVE-2020-6820 (bmo#1626728, bsc#1168630)
      Use-after-free when handling a ReadableStream
    * CVE-2020-6821 (bmo#1625404, bsc#1168874)
      Uninitialized memory could be read when using the WebGL
      copyTexSubImage method
    * CVE-2020-6822 (bmo#1544181, bsc#1168874)
      Out of bounds write in GMPDecodeData when processing large images
    * CVE-2020-6825 (bmo#1572541,bmo#1620193,bmo#1620203, bsc#1168874)
      Memory safety bugs fixed in Thunderbird 68.7.0
* Fri Mar 13 2020 martin.sirringhaus@suse.com
  - Mozilla Thunderbird 68.6
    * new: Thunderbird now displays a popup window when starting up
      on a new profile (bmo#1590036)
    * changed: Thunderbird now provides partial updates resulting
      in smaller downloads (bmo#1410512)
    * fixed: Searching in message bodies led to false negatives
      under some circumstances in quoted-printable encoded HTML
      bodies (bmo#1614796)
    * fixed: "Get New Messages for All Accounts" not working for
      OAuth2-authenticated IMAP accounts (bmo#1593611)
    * fixed: Various security fixes
    MFSA 2020-10 (bsc#1166238)
    * CVE-2020-6805 (bmo#1610880)
      Use-after-free when removing data about origins
    * CVE-2020-6806 (bmo#1612308)
      BodyStream::OnInputStreamReady was missing protections
      against state confusion
    * CVE-2020-6807 (bmo#1614971)
      Use-after-free in cubeb during stream destruction
    * CVE-2020-6811 (bmo#1607742)
      Devtools' 'Copy as cURL' feature did not fully escape
      website-controlled data, potentially leading to command
      injection
    * CVE-2019-20503 (bmo#1613765)
      Out of bounds reads in sctp_load_addresses_from_init
    * CVE-2020-6812 (bmo#1616661)
      The names of AirPods with personally identifiable information
      were exposed to websites with camera or microphone permission
    * CVE-2020-6814 (bmo#1592078, bmo#1604847, bmo#1608256,
      bmo#1612636, bmo#1614339)
      Memory safety bugs fixed in Thunderbird 68.6
* Thu Feb 13 2020 cgrobertson@suse.com
  - Mozilla Thunderbird 68.5
    * new: Support for Client Identity IMAP/SMTP Service Extension
      (bmo#1532388)
    * new: Support for OAuth 2.0 authentication for POP3 accounts
      (bmo#1538409)
    * fixed: Status area goes blank during account setup
      (bmo#1593122)
    * fixed: Calendar: Could not remove color for default
      categories (bmo#1584853)
    * fixed: Calendar: Prevent calendar component loading multiple
      times (bmo#1606375)
    * fixed: Calendar: Today pane did not retain width between
      sessions (bmo#1610207)
    * fixed: Various <a href="https://www.mozilla.org/en-
      US/security/known-
      vulnerabilities/thunderbird/#thunderbird68.5">security
      fixes</a>
    * unresolved: When upgrading from Thunderbird version 60 to
      version 68, add-ons are not automatically updated during the
      upgrade process. They will however be updated during the add-
      on update check. It is of course possible to reinstall
      compatible add-ons via the Add-ons Manager or via
      addons.thunderbird.net. (bmo#1574183)
    MFSA 2020-07 (bsc#1163368)
    * CVE-2020-6793 (bmo#1608539)
      Out-of-bounds read when processing certain email messages
    * CVE-2020-6794 (bmo#1606619)
      Setting a master password post-Thunderbird 52 does not delete
      unencrypted previously stored passwords
    * CVE-2020-6795 (bmo#1611105)
      Crash processing S/MIME messages with multiple signatures
    * CVE-2020-6797 (bmo#1596668)
      Extensions granted downloads.open permission could open
      arbitrary applications on Mac OSX
    * CVE-2020-6798 (bmo#1602944)
      Incorrect parsing of template tag could result in JavaScript
      injection
    * CVE-2020-6792 (bmo#1609607)
      Message ID calculcation was based on uninitialized data
    * CVE-2020-6800 (bmo#1595786, bmo#1596706, bmo#1598543,
      bmo#1604851, bmo#1605777, bmo#1608580, bmo#1608785)
      Memory safety bugs fixed in Thunderbird 68.5
* Mon Jan 27 2020 martin.sirringhaus@suse.com
  - Mozilla Thunderbird 68.4.2 (bsc#1162777)
    * changed: Calendar: Task and Event tree colours adjusted for
      the dark theme (bmo#1608344)
    * fixed: Retrieval of S/MIME certificates from LDAP failed
      (bmo#1604773)
    * fixed: Address-parsing crash on some IMAP servers when
      preference mail.imap.use_envelope_cmd was set (bmo#1609690)
    * fixed: Incorrect forwarding of HTML messages caused SMTP
      servers to respond with a timeout (bmo#1222046)
    * fixed: Calendar: Various parts of the calendar UI stopped
      working when a second Thunderbird window opened (bmo#1608407)
* Fri Jan 10 2020 martin.sirringhaus@suse.com
  - Mozilla Thunderbird 68.4.1
    * changed: Various improvements when setting up an account for
      a Microsoft Exchange server: Now offers IMAP/SMTP if
      available, better detection for Office 365 accounts; re-run
      configuration after password change. (bmo#1592258)
    * fixed: Attachments with one or more spaces in their names
      couldn't be opened under some circumstances (bmo#1601905)
    * fixed: After changing view layout, the message display pane
      showed garbled content under some circumstances (bmo#265393)
    * fixed: Tags were lost on messages in shared IMAP folders
      under some circumstances (bmo#1596371)
    * fixed: Various theme changes to achieve "pixel perfection":
      Unread icon, "no results" icon, paragraph format and font
      selector, background of folder summary tooltip (bmo#1605612)
    * fixed: Calendar: Event attendee dialog was not displayed
      correctly (bmo#1604797)
    * fixed: Various security fixes
    MFSA 2020-04 (bsc#1160305, bsc#1160498)
    * CVE-2019-17026 (bmo#1607443)
      IonMonkey type confusion with StoreElementHole and
      FallibleStoreElement
    * CVE-2019-17015 (bmo#1599005)
      Memory corruption in parent process during new content
      process initialization on Windows
    * CVE-2019-17016 (bmo#1599181)
      Bypass of @namespace CSS sanitization during pasting
    * CVE-2019-17017 (bmo#1603055)
      Type Confusion in XPCVariant.cpp
    * CVE-2019-17021 (bmo#1599008)
      Heap address disclosure in parent process during content
      process initialization on Windows
    * CVE-2019-17022 (bmo#1602843)
      CSS sanitization does not escape HTML tags
    * CVE-2019-17024 (bmo#1507180, bmo#1595470, bmo#1598605,
      bmo#1601826)
      Memory safety bugs fixed in Thunderbird 68.4.1
  - Removed patch that is now upstream: mozilla-bmo1511604.patch
  - Added patch to fix broken URL-bar on s390x:
    mozilla-bmo1602730.patch
* Tue Dec 17 2019 martin.sirringhaus@suse.com
  - Mozilla Thunderbird 68.3.1
    * changed: In dark theme unread messages no longer shown in
      blue to distinguish from tagged messages (bmo#1596702)
    * changed: Account setup is now using client side DNS MX lookup
      instead of relying on a server. (bmo#1349337)
    * fixed: Searching LDAP address book crashed in some
      circumstances (bmo#1601389)
    * fixed: Message navigation with backward and forward buttons
      did not work in some circumstances (bmo#533504)
    * fixed: WebExtension toolbar icons were displayed too small
      (bmo#1598955)
    * fixed: Calendar: Tasks due today were not listed in bold
      (bmo#1598885)
    * fixed: Calendar: Last day of long-running events was not
      shown (bmo#1572964)
* Wed Dec 04 2019 martin.sirringhaus@suse.com
  - Mozilla Firefox Thunderbird 68.3
    * new: Message display toolbar action WebExtension API
      (bmo#1531597)
    * new: Navigation buttons are now available in content tabs,
      for example those opened via an add-on search (bmo#787683)
    * changed: "New email" icon in Windows systray changed from in-
      tray with arrow to envelope (bmo#1594200)
    * fixed: Icons of attachments in the attachment pane of the
      Write window not always correct (bmo#1593280)
    * fixed: Toolbar buttons of add-ons in the menubar not shown
      after startup (bmo#1584160)
    * fixed: LDAP lookup not working when SSL was enabled. LDAP
      search not working when "All Address Books" was selected.
      (bmo#1576364)
    * fixed: Scam link confirmation panel not working (bmo#1596413)
    * fixed: In Write window, the Link Properties dialog wasn't
      showing named anchors in context menu (bmo#1593629)
    * fixed: Calendar: Start-up failed if the application menu is
      not on the calendar toolbars (bmo#1588516)
    * fixed: Chat: Account reordering via drag-and-drop not working
      on Instant messaging status dialog (Show Accounts)
      (bmo#1591505)
    MFSA 2019-37 (bsc#1158328)
    * CVE-2019-17008 (bmo#1546331)
      Use-after-free in worker destruction
    * CVE-2019-13722 (bmo#1580156)
      Stack corruption due to incorrect number of arguments in
      WebRTC code
    * CVE-2019-11745 (bmo#1586176)
      Out of bounds write in NSS when encrypting with a block
      cipher
    * CVE-2019-17009 (bmo#1510494)
      Updater temporary files accessible to unprivileged processes
    * CVE-2019-17010 (bmo#1581084)
      Use-after-free when performing device orientation checks
    * CVE-2019-17005 (bmo#1584170)
      Buffer overflow in plain text serializer
    * CVE-2019-17011 (bmo#1591334)
      Use-after-free when retrieving a document in antitracking
    * CVE-2019-17012 (bmo#1449736, bmo#1533957, bmo#1560667,
      bmo#1567209, bmo#1580288, bmo#1585760, bmo#1592502)
      Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3
* Tue Nov 26 2019 martin.sirringhaus@suse.com
  - Remove patch thunderbird-broken-locales-build.patch due to
    switch to a different method for building locales
  - Added patch mozilla-bmo849632.patch to fix some webgl-problems
    on big endian machines (sync from FF)
* Mon Nov 04 2019 martin.sirringhaus@suse.com
  - Mozilla Thunderbird 68.2.1
    * new: A language for the user interface can now be chosen in
      the advanced settings (multilingual UI) (bmo#1590206)
    * fixed: Problem with Google authentication (OAuth2)
      (bmo#1592407)
    * fixed: Selected or unread messages not shown in the correct
      color in the thread pane (message list) under some
      circumstances (bmo#1585765)
    * fixed: When using a language pack, names of standard folders
      weren't localized (bmo#1575512, boo#1149126)
    * fixed: Address book default startup directory in preferences
      panel not persisted (bmo#1591364)
    * fixed: Various visual glitches: Conditions in filter editor
      not high enough, folder location widget not showing folder
      name, problem with menubar customization, add-on home page
      links accumulating, theme issues on Windows 7 (bmo#1590666)
    * fixed: Issues when upgrading from a 32bit version of
      Thunderbird to a 64bit version. Note: If your profile is
      still not recognised, selected it by visiting about:profiles
      in the Troubleshooting Information. (bmo#1587067)
    * fixed: Chat: Extended context menu on Instant messaging
      status dialog (Show Accounts) (bmo#1591506)
  - added mozilla-bmo1504834-part4.patch to fix some visual issues
    on big endian platforms
* Wed Oct 23 2019 martin.sirringhaus@suse.com
  - Mozilla Thunderbird 68.2
    * new: Message Display WebExtension API
    * new: Message Search WebExtension API
    * Bugfixes
      Better visual feedback for unread messages when using the
      dark theme
      Various issues when editing mailing lists
      Integration with macOS addressbook and notifications not working
      after introduction of notarization
      Application windows not maintaining their size after restart
      Issues when upgrading from a 32bit version of Thunderbird to a
      64bit version.
    * various security fixes
    MFSA 2019-33/2019-35 (bsc#1154738)
    * CVE-2019-15903 (bmo#1584907)
      Heap overflow in expat library in XML_GetCurrentLineNumber
    * CVE-2019-11757 (bmo#1577107)
      Use-after-free when creating index updates in IndexedDB
    * CVE-2019-11758 (bmo#1536227)
      Potentially exploitable crash due to 360 Total Security
    * CVE-2019-11759 (bmo#1577953)
      Stack buffer overflow in HKDF output
    * CVE-2019-11760 (bmo#1577719)
      Stack buffer overflow in WebRTC networking
    * CVE-2019-11761 (bmo#1561502)
      Unintended access to a privileged JSONView object
    * CVE-2019-11762 (bmo#1582857)
      document.domain-based origin isolation has same-origin-
      property violation
    * CVE-2019-11763 (bmo#1584216)
      Incorrect HTML parsing results in XSS bypass technique
    * CVE-2019-11764 (bmo#1548044, bmo#1558522, bmo#1571223,
      bmo#1573048, bmo#1575217, bmo#1577061, bmo#1578933,
      bmo#1581950, bmo#1583463, bmo#1583684, bmo#1586599,
      bmo#1586845)
      Memory safety bugs fixed in Thunderbird 68.2
  - removed upstream patches:
    * mozilla-bmo1512162.patch
    * mozilla-bmo1573381.patch
    * mozilla-bmo1585099.patch
* Mon Oct 14 2019 martin.sirringhaus@suse.com
  - Mozilla Thunderbird 68.1.2 (bsc#1153879)
    Bugfixes
    * Some attachments couldn't be opened in messages originating from
      MS Outlook 2016
    * Address book import from CSV
    * Performance problem in message body search
    * Ctrl+Enter to send a message would open an attachment if the
      attachment pane had focus
    * Calendar: Issues with "Today Pane" start-up
    * Calendar: Glitches with custom repeat and reminder number input
    * Calendar: Problems with WCAP provider
  - add mozilla-bmo1585099.patch to fix build with rust >= 1.38
  - add mozilla-fix-top-level-asm.patch to fix LTO build (w/o PGO)
  - updated translations-other locale list
  - remove kde.js since disabling instantApply breaks extensions and
    is obsolete with the move to HTML views for preferences (boo#1151186)
  - Update create-tar.sh (bsc#1152778)
  - Update mozilla-bmo1512162.patch to the patch now commited upstream
    * No more -O1 builds for ppc64le necessary
  - Deactivate currently useless crashreporter for the last remaining
    arch
* Fri Sep 27 2019 martin.sirringhaus@suse.com
  - Mozilla Thunderbird 68.1.1
    Bugfixes
    * Issues with attachments in IMAP messages
    * Gmail accounts ignored a non-standard trash folder selection
    * Entering/pasting lists of recipients into the addressing widget or
      mailing list not working reliably, especially when lists contained
      multiple commas or semicolons
    * Edit mailing list not working
    * Various theme fixes, especially dark theme improvements for Calendar
    * Contrast between tag label and background not optimal
    * Account Central pane always loaded at start-up
    * "Config Editor" button not removed if blocked by policy
    * Calendar: Free/busy information in attendees dialog not scrolled
      correctly. Note: Scroll arrows still not behaving correctly
    MFSA 2019-32
    * CVE-2019-11755 (bmo#1240290)
      Spoofing a message author via a crafted S/MIME message
* Thu Sep 12 2019 martin.sirringhaus@suse.com
  - Mozilla Thunderbird 68.1.0
    * Offer to configure Exchange accounts for Office365. A third-
      party add-on is required for this account type.
      IMAP still exists as alternative.
    * Edit tag not working
    * Write window: "Insert > Characters and Symbols" not working
    * Moving/dragging messages from "Search Messages" result
      dialog not working
    * Command line -compose "attachment=" not working
    * Custom views not working
    * Issues with list of content types/actions for incoming attachments
    * "Learn More" links in Error Console not working
    * Visual glitches: Quick Filter Bar tag buttons too tall, missing
      scroll bar on Connection Setting subdialog, LDAP server
      selection after "New", "Edit" and "Delete"
    * Calendar: Parts of CalDAV dialog not working
    MFSA 2019-30
    * CVE-2019-11739 (bmo#1571481, bsc#1150939)
      Covert Content Attack on S/MIME encryption using a crafted
      multipart/alternative message
    * CVE-2019-11746 (bmo#1564449, bsc#1149297)
      Use-after-free while manipulating video
    * CVE-2019-11744 (bmo#1562033, bsc#1149304)
      XSS by breaking out of title and textarea elements using
      innerHTML
    * CVE-2019-11742 (bmo#1559715, bsc#1149303)
      Same-origin policy violation with SVG filters and canvas to
      steal cross-origin images
    * CVE-2019-11752 (bmo#1501152, bsc#1149296)
      Use-after-free while extracting a key value in IndexedDB
    * CVE-2019-11743 (bmo#1560495, bsc#1149298,
      https://w3c.github.io/navigation-timing)
      Cross-origin access to unload event attributes
    * CVE-2019-11740 (bmo#1563133, bmo#1573160, bsc#1149299)
      Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1,
      Firefox ESR 60.9, Thunderbird 68.1, and Thunderbird 60.9
  - Mozilla Thunderbird 68.0
    * based on Firefox ESR 68
    * File link attachments can now be linked to again instead of
      uploading them again
    * Mark all folders of an account as read
    * Run filters periodically. Improved filter logging
    * OAuth2 authentication for Yandex
    * Language packs can now be selected in the Advanced Options.
      Preference intl.multilingual.enabled needs to be set (and possily
      also extensions.langpacks.signatures.required needs to be set to false)
    * Added a policy engine that allows customized Thunderbird deployments
      in enterprise environments, using Windows Group Policy or a
      cross-platform JSON file
    * TCP keepalive for IMAP protocol
    * Full Unicode support for MAPI interfaces: New support for MAPISendMailW
    * Calendar: Time zone data can now include past and future changes.
      All known time zone changes from 2018 to 2022 are included.
    * Chat: In each conversation an individual spellcheck language can
      be selected now
    MFSA 2019-28
    * CVE-2019-11711 (bmo#1552541)
      Script injection within domain through inner window reuse
    * CVE-2019-11712 (bmo#1543804)
      Cross-origin POST requests can be made with NPAPI plugins by
      following 308 redirects
    * CVE-2019-11713 (bmo#1528481)
      Use-after-free with HTTP/2 cached stream
    * CVE-2019-11714 (bmo#1542593)
      NeckoChild can trigger crash when accessed off of main thread
    * CVE-2019-11729 (bmo#1515342)
      Empty or malformed p256-ECDH public keys may trigger a
      segmentation fault
    * CVE-2019-11715 (bmo#1555523)
      HTML parsing error can contribute to content XSS
    * CVE-2019-11716 (bmo#1552632)
      globalThis not enumerable until accessed
    * CVE-2019-11717 (bmo#1548306)
      Caret character improperly escaped in origins
    * CVE-2019-11719 (bmo#1540541)
      Out-of-bounds read when importing curve25519 private key
    * CVE-2019-11720 (bmo#1556230)
      Character encoding XSS vulnerability
    * CVE-2019-11721 (bmo#1256009)
      Domain spoofing through unicode latin 'kra' character
    * CVE-2019-11730 (bmo#1558299)
      Same-origin policy treats all files in a directory as having
      the same-origin
    * CVE-2019-11723 (bmo#1528335)
      Cookie leakage during add-on fetching across private browsing
      boundaries
    * CVE-2019-11724 (bmo#1512511)
      Retired site input.mozilla.org has remote troubleshooting
      permissions
    * CVE-2019-11725 (bmo#1483510)
      Websocket resources bypass safebrowsing protections
    * CVE-2019-11727 (bmo#1552208)
      PKCS#1 v1.5 signatures can be used for TLS 1.3
    * CVE-2019-11728 (bmo#1552993)
      Port scanning through Alt-Svc header
    * CVE-2019-11710 (bmo#1400563, bmo#1507696, bmo#1510345,
      bmo#1533842, bmo#1535482, bmo#1535848, bmo#1537692,
      bmo#1540590, bmo#1544180, bmo#1547472, bmo#1547760,
      bmo#1548611, bmo#1549768, bmo#1551907)
      Memory safety bugs fixed in Firefox 68 and Thunderbird 68
    * CVE-2019-11709 (bmo#1515052, bmo#1533522, bmo#1539219,
      bmo#1540759, bmo#1547266, bmo#1547757, bmo#1548822,
      bmo#1550498, bmo#1550498)
      Memory safety bugs fixed in Firefox 68, Firefox ESR 60.8, and
      Thunderbird 68
  - removed patches that are now upstream
    * mozilla-bmo1375074.patch
    * mozilla-i586-DecoderDoctorLogger.patch
    * mozilla-i586-domPrefs.patch
    * mozilla-bmo1464766.patch
    * mozilla-bigendian_bit_flags_alias.patch
  - added patch to make builds reproducible
    * mozilla-bmo1568145.patch
  - added a bunch of patches mainly for big endian platforms
    * mozilla-bmo1504834-part1.patch
    * mozilla-bmo1504834-part2.patch
    * mozilla-bmo1504834-part3.patch
    * mozilla-bmo1511604.patch
    * mozilla-bmo1512162.patch
    * mozilla-bmo1554971.patch
    * mozilla-bmo1573381.patch
    * mozilla-nestegg-big-endian.patch
    * mozilla-ppc-altivec_static_inline.patch
  - added patches to fix build on armv7:
    * mozilla-bmo1463035.patch
    * mozilla-disable-wasm-emulate-arm-unaligned-fp-access.patch
  - added patch to fix non-return function
    * mozilla-cubeb-noreturn.patch
  - added patch to fix aarch64 build:
    * mozilla-fix-aarch64-libopus.patch (bmo#1539737)
  - added patch to reduce build-load
    * mozilla-reduce-rust-debuginfo.patch
  - added patch to fix locales-build
    * thunderbird-broken-locales-build.patch
  - added patch to fix implicit declarations
    * mozilla-openaes-decl.patch
  - added samba-patch from Firefox
    * mozilla-ntlm-full-path.patch
* Fri Jul 12 2019 martin.sirringhaus@suse.com
  - Mozilla Firefox Thunderbird 60.8
    MFSA 2019-23 (bsc#1140868)
    * CVE-2019-9811 (bmo#1538007, bmo#1539598, bmo#1563327)
      Sandbox escape via installation of malicious language pack
    * CVE-2019-11711 (bmo#1552541)
      Script injection within domain through inner window reuse
    * CVE-2019-11712 (bmo#1543804)
      Cross-origin POST requests can be made with NPAPI plugins by
      following 308 redirects
    * CVE-2019-11713 (bmo#1528481)
      Use-after-free with HTTP/2 cached stream
    * CVE-2019-11729 (bmo#1515342)
      Empty or malformed p256-ECDH public keys may trigger a
      segmentation fault
    * CVE-2019-11715 (bmo#1555523)
      HTML parsing error can contribute to content XSS
    * CVE-2019-11717 (bmo#1548306)
      Caret character improperly escaped in origins
    * CVE-2019-11719 (bmo#1540541)
      Out-of-bounds read when importing curve25519 private key
    * CVE-2019-11730 (bmo#1558299)
      Same-origin policy treats all files in a directory as having
      the same-origin
    * CVE-2019-11709 (bmo#1515052, bmo#1533522, bmo#1539219,
      bmo#1540759, bmo#1547266, bmo#1547757, bmo#1548822,
      bmo#1550498, bmo#1550498)
      Memory safety bugs fixed in Firefox 68, Firefox ESR 60.8, and
      Thunderbird 60.8
  - Calendar: Problems when editing event times, some related to
    AM/PM setting in non-English locales
* Fri Jun 21 2019 martin.sirringhaus@suse.com
  - Mozilla Firefox Thunderbird 60.7.2
    MFSA 2019-20 (bsc#1138872)
    * CVE-2019-11707 (bmo#1544386)
      Type confusion in Array.pop
    * CVE-2019-11708 (bmo#1559858)
      sandbox escape using Prompt:Open
* Fri Jun 14 2019 martin.sirringhaus@suse.com
  - Mozilla Firefox Thunderbird 60.7.1
    MFSA 2019-17 (bsc#1137595)
    * CVE-2019-11703 (bmo#1553820)
      Heap buffer overflow in icalparser.c
    * CVE-2019-11704 (bmo#1553814)
      Heap buffer overflow in icalvalue.c
    * CVE-2019-11705 (bmo#1553808)
      Stack buffer overflow in icalrecur.c
    * CVE-2019-11706 (bmo#1555646)
      Type confusion in icalproperty.c
  - No prompt for smartcard PIN when S/MIME signing is used
  - Removed obsolete patches:
      [thunderbird-bsc1137595.patch]
* Thu Jun 13 2019 martin.sirringhaus@suse.com
  - Fix security vulnerabilities in Thunderbird 60.7 (bsc#1137595)
    * CVE-2019-11706 (bmo#1555646)
    * CVE-2019-11705 (bmo#1553808)
    * CVE-2019-11704 (bmo#1553814)
    * CVE-2019-11703 (bmo#1553820)
  - Added patches:
      [thunderbird-bsc1137595.patch]
* Fri May 24 2019 martin.sirringhaus@suse.com
  - Mozilla Firefox Thunderbird 60.7
    MFSA 2019-15
    * CVE-2019-9815 (bmo#1546544, https://mdsattacks.com/)
      Disable hyperthreading on content JavaScript threads on macOS
    * CVE-2019-9816 (bmo#1536768)
      Type confusion with object groups and UnboxedObjects
    * CVE-2019-9817 (bmo#1540221)
      Stealing of cross-domain images using canvas
    * CVE-2019-9818 (bmo#1542581)
      Use-after-free in crash generation server
    * CVE-2019-9819 (bmo#1532553)
      Compartment mismatch with fetch API
    * CVE-2019-9820 (bmo#1536405)
      Use-after-free of ChromeEventHandler by DocShell
    * CVE-2019-11691 (bmo#1542465)
      Use-after-free in XMLHttpRequest
    * CVE-2019-11692 (bmo#1544670)
      Use-after-free removing listeners in the event listener
      manager
    * CVE-2019-11693 (bmo#1532525)
      Buffer overflow in WebGL bufferdata on Linux
    * CVE-2019-7317 (bmo#1542829)
      Use-after-free in png_image_free of libpng library
    * CVE-2019-9797 (bmo#1528909)
      Cross-origin theft of images with createImageBitmap
    * CVE-2018-18511 (bmo#1526218)
      Cross-origin theft of images with ImageBitmapRenderingContext
    * CVE-2019-11694 (bmo#1534196)
      Uninitialized memory memory leakage in Windows sandbox
    * CVE-2019-11698 (bmo#1543191)
      Theft of user history data through drag and drop of
      hyperlinks to and from bookmarks
    * CVE-2019-5798 (bmo#1535518)
      Out-of-bounds read in Skia
    * CVE-2019-9800 (bmo#1499108, bmo#1499719, bmo#1516325,
      bmo#1532465, bmo#1533554, bmo#1534593, bmo#1535194,
      bmo#1535612, bmo#1538042, bmo#1538619, bmo#1538736,
      bmo#1540136, bmo#1540166, bmo#1541580, bmo#1542097,
      bmo#1542324, bmo#1546327)
      Memory safety bugs fixed in Firefox 67, Firefox ESR 60.7, and
      Thunderbird 60.7
  - Attachment pane of Write window no longer focussed when attaching files using a keyboard shortcut
* Mon May 20 2019 martin.sirringhaus@suse.com
  - Reactivate s390x
    * Merged big endian patches from MozillaFirefox to make
      Thunderbird compile under s390x again (see below)
    * Added ac_option --with-system-icu (same as Firefox, but in
      this case only for big endian machines as not to break
      existing archs)
  - Added patches:
      [mozilla-bmo1005535.patch]
      [mozilla-bigendian_bit_flags_alias.patch]
      [mozilla-s390-bigendian.patch]
      [mozilla-s390-context.patch]
* Fri May 17 2019 martin.sirringhaus@suse.com
  - Sync with Devel:Mozilla:*:next
* Thu May 16 2019 martin.sirringhaus@suse.com
  - Merge changes from MozillaFirefox
    * Merge spec-file update "Enable Firefox to build with
      Rust >= 1.30 with fix" (revision 28)
    * Merge create-tar.sh to now download tar-balls for thunderbird
      directly as is done with Firefox
* Mon Mar 25 2019 wr@rosenauer.org
  - Mozilla Thunderbird 60.6.1
    MFSA 2019-12 (bsc#1130262)
    * CVE-2019-9810 (bmo#1537924)
      IonMonkey MArraySlice has incorrect alias information
    * CVE-2019-9813 (bmo#1538006)
      Ionmonkey type confusion with __proto__ mutations
* Wed Mar 20 2019 wr@rosenauer.org
  - Mozilla Thunderbird 60.6.0
    * Calendar: Can't create repeating event with end date when using
      certain time zones, for example Europe/Minsk
    * some minor bugfixes
    * using 60.6.0esr Mozilla platform (bsc#1129821)
* Thu Mar 07 2019 wr@rosenauer.org
  - Mozilla Thunderbird 60.5.3
    * fixed a regression on the Windows platform:
      Problem when using "Send to > Mail recipient" on Windows
* Sun Feb 24 2019 wr@rosenauer.org
  - Mozilla Thunderbird 60.5.2
    * UTF-8 support for MAPISendMail
    * Problem with S/MIME certificate verification when receiving email
      from Outlook (issue introduced in version 60.5.1)
* Thu Feb 14 2019 wr@rosenauer.org
  - Mozilla Thunderbird 60.5.1
    * CalDav access to some servers not working
    MFSA 2019-06 (bsc#1125330)
    * CVE-2018-18356 bmo#1525817
      Use-after-free in Skia
    * CVE-2019-5785 bmo#1525433
      Integer overflow in Skia
    * CVE-2018-18335 bmo#1525815
      Buffer overflow in Skia with accelerated Canvas 2D
    * CVE-2018-18509 bmo#1507218
      S/MIME signature spoofing
* Fri Jan 25 2019 wr@rosenauer.org
  - Mozilla Thunderbird 60.5.0:
    * FileLink provider WeTransfer to upload large attachments
    * Thunderbird now allows the addition of OpenSearch search engines
      from a local XML file using a minimal user inferface: [+] button
      to select a file an add, [-] to remove.
    * More search engines: Google and DuckDuckGo available by default
      in some locales
    * During account creation, Thunderbird will now detect servers
      using the Microsoft Exchange protocol. It will offer the
      installation of a 3rd party add-on (Owl) which supports that
      protocol.
    * Thunderbird now compatible with other WebExtension-based
      FileLink add-ons like the Dropbox add-on
    MFSA 2019-03 (bsc#1122983)
    * CVE-2018-18500 bmo#1510114
      Use-after-free parsing HTML5 stream
    * CVE-2018-18505 bmo#1497749
      Privilege escalation through IPC channel messages
    * CVE-2016-5824 bmo#1275400
      DoS (use-after-free) via a crafted ics file
    * CVE-2018-18501 bmo#1512450 bmo#1517542 bmo#1513201 bmo#1460619
      bmo#1502871 bmo#1516738 bmo#1516514
      Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5
  - requires NSS 3.36.7
  - removed obsolete patch
    mozilla-no-stdcxx-check.patch
  - rebased patches
* Fri Dec 21 2018 astieger@suse.com
  - Mozilla Thunderbird 60.4.0:
    * New WebExtensions FileLink API to facilitate add-ons
    * Fix decoding problems for messages with less common charsets
      (cp932, cp936)
    * New messages in the drafts folder (and other special or virtual
      folders) will no longer be included in the new messages
      notification
    MFSA 2018-31
    * CVE-2018-17466 bmo#1488295
      Buffer overflow and out-of-bounds read in ANGLE library with
      TextureStorage11
    * CVE-2018-18492 bmo#1499861
      Use-after-free with select element
    * CVE-2018-18493 bmo#1504452
      Buffer overflow in accelerated 2D canvas with Skia
    * CVE-2018-18494 bmo#1487964
      Same-origin policy violation using location attribute and
      performance.getEntries to steal cross-origin URLs
    * CVE-2018-18498 bmo#1500011
      Integer overflow when calculating buffer sizes for images
    * CVE-2018-12405 bmo#1494752 bmo#1503326 bmo#1505181 bmo#1500759
      bmo#1504365 bmo#1506640 bmo#1503082 bmo#1502013 bmo#1510471
      Memory safety bugs fixed in Firefox 64, 60.4, and Thunderbird 60.4
  - requires NSS 3.36.6
* Tue Dec 04 2018 wr@rosenauer.org
  - Mozilla Thunderbird 60.3.3
    * Thunderbird 60 will migrate security databases (key3.db, cert8.db
      to key4.db, cert9.db). Thunderbird 60.3.2 and earlier contained a
      fault that potentially deleted saved passwords and private certificate
      keys for users using a master password. Version 60.3.3 will prevent
      the loss of data; affected users who have already upgraded to version
      60.3.2 or earlier can restore the deleted key3.db file from backup
      to complete the migration.
    * Address book search and auto-complete slowness introduced in
      Thunderbird 60.3.2
    * Plain text markup with * for bold, / for italics, _ for underline
      and | for code did not work when the enclosed text contained
      non-ASCII characters
    * While composing a message, a link not removed when link location
      was removed in the link properties panel
* Mon Dec 03 2018 astieger@suse.com
  - Fix build on openSUSE Leap 15.x w.r.t. rust-std requirement
* Thu Nov 29 2018 wr@rosenauer.org
  - Mozilla Thunderbird 60.3.2
    * Encoding problems when exporting address books or messages using
      the system charset. Messages are now always exported using the
      UTF-8 encoding
    * If the "Date" header of a message was invalid, Jan 1970 or Dec 1969
      was displayed. Now using date from "Received" header instead.
    * Body search/filtering didn't reliably ignore content of tags
    * Inappropriate warning "Thunderbird prevented the site
      (addons.thunderbird.net) from asking you to install software on
      your computer" when installing add-ons
    * Incorrect display of correspondents column since own email
      address was not always detected
    * Spurious &#xA; (encoded newline) inserted into drafts and sent email
* Thu Nov 15 2018 astieger@suse.com
  - Mozilla Thunderbird 60.3.1:
    * Double-clicking on a word in the Write window sometimes
      launched the Advanced Property Editor or Link Properties dialog
    * Fixe Cookie removal
    * "Download rest of message" was not working if global inbox was
      used
    * Fix Encoding problems for users (especially in Poland) when a
      file was sent via a folder using "Sent to > Mail recipient"
      due to a problem in the Thunderbird MAPI interface
    * According to RFC 4616 and RFC 5721, passwords containing
      non-ASCII characters are encoded using UTF-8 which can lead to
      problems with non-compliant providers, for example
      office365.com. The SMTP LOGIN and POP3 USER/PASS
      authentication methods are now using a Latin-1 encoding again
      to work around this issue
    * Fix shutdown crash/hang after entering an empty IMAP password
* Tue Oct 30 2018 wr@rosenauer.org
  - update to Thunderbird 60.3.0
    * various theme fixes
    * Shift+PageUp/PageDown in Write window
    * Gloda attachment filtering
    * Mailing list address auto-complete enter/return handling
    * Thunderbird hung if HTML signature references non-existent image
    * Filters not working for headers that appear more than once
  - Security fixes for the Mozilla platform picked up from 60.3
    (Firefox ESR release). In general, these flaws cannot be exploited
    through email in Thunderbird because scripting is disabled when
    reading mail, but are potentially risks in browser or browser-like
    contexts (MFSA 2018-28) (bsc#1112852)
    * CVE-2018-12391 (bmo#1478843) (Android only)
      HTTP Live Stream audio data is accessible cross-origin
    * CVE-2018-12392 (bmo#1492823)
      Crash with nested event loops
    * CVE-2018-12393 (bmo#1495011)
      Integer overflow during Unicode conversion while loading JavaScript
    * CVE-2018-12389 (bmo#1498460, bmo#1499198)
      Memory safety bugs fixed in Firefox ESR 60.3
    * CVE-2018-12390 (bmo#1487098, bmo#1487660, bmo#1490234, bmo#1496159,
      bmo#1443748, bmo#1496340, bmo#1483905, bmo#1493347, bmo#1488803,
      bmo#1498701, bmo#1498482, bmo#1442010, bmo#1495245, bmo#1483699,
      bmo#1469486, bmo#1484905, bmo#1490561, bmo#1492524, bmo#1481844)
      Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3
* Thu Oct 25 2018 guillaume.gardet@opensuse.org
  - Update _constraints for armv6/7
* Thu Oct 25 2018 guillaume.gardet@opensuse.org
  - Add patch to fix build on armv7:
    * mozilla-bmo1463035.patch
* Thu Oct 25 2018 guillaume.gardet@opensuse.org
  - Add memory-constraints to avoid OOM errors
* Fri Oct 12 2018 meissner@suse.com
  - provide / obsolete MozillaThunderbird-devel as this is no longer
    shipped to allow migration scenarios
* Tue Oct 02 2018 wr@rosenauer.org
  - update to Thunderbird 60.2.1:
    * Calendar: Default values for the first day of the week and
      working days are now derived from the selected datetime
      formatting locale
    * Calendar: Switch to a Photon-style icon set for all platforms
    * Fix multiple requests for master password when Google Mail or
      Calendar OAuth2 is enabled
    * Fix scrollbar of the address entry auto-complete popup
    * Fix security info dialog in compose window not showing
      certificate status
    * Fix links in the Add-on Manager's search results and theme
      browsing tabs that opened in external browser
    * Fix localization not showing the localized name for the
      "Drafts" and "Sent" folders for certain IMAP providers
    * Fix replying to a message with an empty subject which
      inserted Re: twice
    * Fix spellcheck marks disappeaing erroneously for words with
      an apostrophe
    * Calendar: First day of the week can now be set
    * Calendar: Several fixes related to cutting/deleting of events
      and email schedulin
    * Fix date display issues (bsc#1109379)
    * Fix start-up crash due to folder name with special characters
      (bsc#1107772)
  - Security fixes for the Mozilla platform picked up from 60.1 and
    60.2 (Firefox ESR releases). In general, these flaws
    cannot be exploited through email in Thunderbird because
    scripting is disabled when reading mail, but are potentially
    risks in browser or browser-like contexts (MFSA 2018-25):
    * CVE-2018-12377 (bsc#1107343, bmo#1470260)
      Use-after-free in refresh driver timers
    * CVE-2018-12378 (bsc#1107343, bmo#1459383)
      Use-after-free in IndexedDB
    * CVE-2017-16541 (bsc#1066489, bmo#1412081)
      Proxy bypass using automount and autofs
    * CVE-2018-12376 (bmo#69309,bmo#69914,bmo#50989,bmo#80092,
      bmo#80517,bmo#81093,bmo#78575,bmo#71953,bmo#73161,bmo#66991,
      bmo#68738,bmo#83120,bmo#67363,bmo#72925,bmo#66577,bmo#67889,
      bmo#80521,bsc#1107343)
      Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2
    * CVE-2018-12385 (bsc#1109363, bmo#1490585)
      Crash in TransportSecurityInfo due to cached data
    * CVE-2018-12383 (bsc#1107343, bmo#1475775)
      Setting a master password did not delete unencrypted
      previously stored passwords
* Tue Sep 11 2018 guillaume.gardet@opensuse.org
  - Update file list since minidump-analyzer is only available when
    crashreporter is enabled
* Sat Aug 25 2018 astieger@suse.com
  - remove non-free untar licenced code from distributed tarball
* Wed Aug 15 2018 bjorn.lie@gmail.com
  - Add conditional for pkgconfig(gconf-2.0) BuildRequires, and pass
    conditional --disable-gconf to configure: no longer pull in
    obsolete gconf2 for Tumbleweed.
* Fri Aug 03 2018 wr@rosenauer.org
  - update to Thunderbird 60.0:
    https://www.thunderbird.net/en-US/thunderbird/60.0/releasenotes/
    * Improved message handling and composing
    * Improved handling of message templates
    * Support for OAuth2 and FIDO U2F
    * Various Calendar improvements
    * Various fixes and changes to e-mail workflow
    * Various IMAP fixes
    * Native desktop notifications
  - Security fixes which can not, in general, be exploited through
    email, but are potential risks in browser or browser-like contexts:
    MFSA 2018-19 (bsc#1098998)
    * CVE-2018-12359 (bmo#1459162)
      Buffer overflow using computed size of canvas element
    * CVE-2018-12360 (bmo#1459693)
      Use-after-free when using focus()
    * CVE-2018-12361 (bmo#1463244)
      Integer overflow in SwizzleData
    * CVE-2018-12362 (bmo#1452375)
      Integer overflow in SSSE3 scaler
    * CVE-2018-5156 (bmo#1453127)
      Media recorder segmentation fault when track type is changed
      during capture
    * CVE-2018-12363 (bmo#1464784)
      Use-after-free when appending DOM nodes
    * CVE-2018-12364 (bmo#1436241)
      CSRF attacks through 307 redirects and NPAPI plugins
    * CVE-2018-12365 (bmo#1459206)
      Compromised IPC child process can list local filenames
    * CVE-2018-12371 (bmo#1465686)
      Integer overflow in Skia library during edge builder allocation
    * CVE-2018-12366 (bmo#1464039)
      Invalid data handling during QCMS transformations
    * CVE-2018-12367 (bmo#1462891)
      Timing attack mitigation of PerformanceNavigationTiming
    * CVE-2018-5187 (bmo#1461324,bmo#1414829,bmo#1395246,bmo#1467938,
      bmo#1461619,bmo#1425930,bmo#1438556,bmo#1454285,bmo#1459568,
      bmo#1463884)
      Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and
      Thunderbird 60
    * CVE-2018-5188 (bmo#1456189,bmo#1456975,bmo#1465898,bmo#1392739,
      bmo#1451297,bmo#1464063,bmo#1437842,bmo#1442722,bmo#1452576,
      bmo#1450688,bmo#1458264,bmo#1458270,bmo#1465108,bmo#1464829,
      bmo#1464079,bmo#1463494,bmo#1458048)
      Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, Firefox
      ESR 52.9, and Thunderbird 60
  - requires NSPR 4.19 and NSS 3.36.4
  - source archives are now signed directly
    (removed checksum signature check)
  - imported patches from Firefox 60
    * mozilla-bmo1375074.patch
    * mozilla-bmo1464766.patch
    * mozilla-i586-DecoderDoctorLogger.patch
    * mozilla-i586-domPrefs.patch
  - removed obsolete patches
    * mozilla-language.patch
    * tb-ssldap.patch
    * mozilla-develdirs.patch
  - removed -devel subpackage as old-style extensions are mainly gone
  - storing of remote content settings fixed (boo#1084603)
* Tue Jul 10 2018 wr@rosenauer.org
  - update to Thunderbird 52.9.1
    * Deleting or detaching attachments corrupted messages under certain
      circumstances (bmo#1473893, bsc#1100780)
* Mon Jul 02 2018 wr@rosenauer.org
  - update to Thunderbird 52.9.0:
    MFSA 2018-16 (bsc#1098998)
    * CVE-2018-12359 (bmo#1459162)
      Buffer overflow using computed size of canvas element
    * CVE-2018-12360 (bmo#1459693)
      Use-after-free when using focus()
    * CVE-2018-12372 (bmo#1419417, bsc#1100082)
      S/MIME and PGP decryption oracles can be built with HTML emails
    * CVE-2018-12373 (bmo#1464667, bmo#1464056, bsc#1100079)
      S/MIME plaintext can be leaked through HTML reply/forward
    * CVE-2018-12362 (bmo#1452375)
      Integer overflow in SSSE3 scaler
    * CVE-2018-12363 (bmo#1464784)
      Use-after-free when appending DOM nodes
    * CVE-2018-12364 (bmo#1436241)
      CSRF attacks through 307 redirects and NPAPI plugins
    * CVE-2018-12365 (bmo#1459206)
      Compromised IPC child process can list local filenames
    * CVE-2018-12366 (bmo#1464039)
      Invalid data handling during QCMS transformations
    * CVE-2018-12374 (bmo#1462910, bsc#1100081)
      Using form to exfiltrate encrypted mail part by pressing enter in form field
    * CVE-2018-5188 (bmo#1456189,bmo#1456975,bmo#1465898,bmo#1392739,
      bmo#1451297,bmo#1464063,bmo#1437842,bmo#1442722,bmo#1452576,
      bmo#1450688,bmo#1458264,bmo#1458270,bmo#1465108,bmo#1464829,
      bmo#1464079,bmo#1463494,bmo#1458048)
      Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR 52.9
    * Thunderbird will now prompt to compact IMAP folders even if the
      account is online
    * Option for not decrypting subordinate message parts that
      otherwise might reveal decryted content to the attacker.
      Preference mailnews.p7m_subparts_external needs to be set to
      true for added security.
    * Fix various problems when forwarding messages inline when using
      "simple" HTML view
  - correct requires and provides handling (boo#1076907)
  - reduce memory footprint with %ix86 at linking time via additional
    compiler flags (boo#1091376)
* Sun Jul 01 2018 astieger@suse.com
  - Build from upstream source archive and verify source signature
    (boo#1085780)
* Sat May 19 2018 wr@rosenauer.org
  - update to Thunderbird 52.8 (bsc#1092548)
    MFSA 2018-13
    * CVE-2018-5183 (bmo#1454692)
      Backport critical security fixes in Skia
    * CVE-2018-5184 (bmo#1411592, bsc#1093152)
      Full plaintext recovery in S/MIME via chosen-ciphertext attack
    * CVE-2018-5154 (bmo#1443092)
      Use-after-free with SVG animations and clip paths
    * CVE-2018-5155 (bmo#1448774)
      Use-after-free with SVG animations and text paths
    * CVE-2018-5159 (bmo#1441941)
      Integer overflow and out-of-bounds write in Skia
    * CVE-2018-5161 (bmo#1411720)
      Hang via malformed headers
    * CVE-2018-5162 (bmo#1457721, bsc#1093152)
      Encrypted mail leaks plaintext through src attribute
    * CVE-2018-5170 (bmo#1411732)
      Filename spoofing for external attachments
    * CVE-2018-5168 (bmo#1449548)
      Lightweight themes can be installed without user interaction
    * CVE-2018-5174 (bmo#1447080) (Windows only)
      Windows Defender SmartScreen UI runs with less secure behavior
      for downloaded files in Windows 10 April 2018 Update
    * CVE-2018-5178 (bmo#1443891)
      Buffer overflow during UTF-8 to Unicode string conversion
      through legacy extension
    * CVE-2018-5185 (bmo#1450345)
      Leaking plaintext through HTML forms
    * CVE-2018-5150 (bmo#1388020,bmo#1433609,bmo#1409440,bmo#1448705,
      bmo#1451376,bmo#1452202,bmo#1444668,bmo#1393367,bmo#1411415,
      bmo#1426129)
      Memory safety bugs fixed in Firefox 60, Firefox ESR 52.8 and
      Thunderbird 52.8
* Tue Mar 27 2018 ro@suse.de
  - Exclude bigendian archs for now, have not built
    since version 45.8.0
    ExcludeArch: ppc ppc64 s390 s390x
* Fri Mar 23 2018 wr@rosenauer.org
  - update to Thunderbird 52.7
    * Searching message bodies of messages in local folders, including
      filter and quick filter operations, did not find content in
      message attachments
    * Better error handling for Yahoo accounts
  - The following security fixes are included as part of the mozilla
    platform. In general, these flaws cannot be exploited through
    email in the Thunderbird product because scripting is disabled
    when reading mail, but are potentially risks in browser or
    browser-like contexts (MFSA 2018-09, bsc#1085130, bsc#1085671):
    * CVE-2018-5127 (bmo#1430557)
      Buffer overflow manipulating SVG animatedPathSegList
    * CVE-2018-5129 (bmo#1428947)
      Out-of-bounds write with malformed IPC messages
    * CVE-2018-5144 (bmo#1440926)
      Integer overflow during Unicode conversion
    * CVE-2018-5146 (bmo#1446062)
      Out of bounds memory write in libvorbis
    * CVE-2018-5125 (bmo1416529,bmo#1434580,bmo#1434384,bmo#1437450,
      bmo#1437507,bmo#1426988,bmo#1438425,bmo#1324042,bmo#1437087,
      bmo#1443865,bmo#1425520)
      Memory safety bugs fixed in Firefox 59, Firefox ESR 52.7, and
      Thunderbird 52.7
    * CVE-2018-5145 (bmo#1261175,bmo#1348955)
      Memory safety bugs fixed in Firefox ESR 52.7 and Thunderbird
      52.7
* Wed Jan 24 2018 wr@rosenauer.org
  - update to Thunderbird 52.6 (bsc#1077291)
    * Searching message bodies of messages in local folders, including
      filter and quick filter operations, not working reliably: Content
      not found in base64-encode message parts, non-ASCII text not found
      and false positives found.
    * Defective messages (without at least one expected header) not shown
      in IMAP folders but shown on mobile devices
    * Calendar: Unintended task deletion if numlock is enabled
    * Mozilla platform security fixes
    MFSA 2018-04
    * CVE-2018-5095 (bmo#1418447)
      Integer overflow in Skia library during edge builder allocation
    * CVE-2018-5096 (bmo#1418922)
      Use-after-free while editing form elements
    * CVE-2018-5097 (bmo#1387427)
      Use-after-free when source document is manipulated during XSLT
    * CVE-2018-5098 (bmo#1399400)
      Use-after-free while manipulating form input elements
    * CVE-2018-5099 (bmo#1416878)
      Use-after-free with widget listener
    * CVE-2018-5102 (bmo#1419363)
      Use-after-free in HTML media elements
    * CVE-2018-5103 (bmo#1423159)
      Use-after-free during mouse event handling
    * CVE-2018-5104 (bmo#1425000)
      Use-after-free during font face manipulation
    * CVE-2018-5117 (bmo#1395508)
      URL spoofing with right-to-left text aligned left-to-right
    * CVE-2018-5089
      Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6
  - dropped obsolete mozilla-ucontext.patch
* Sat Dec 23 2017 wr@rosenauer.org
  - update to Thunderbird 52.5.2
    * This releases fixes the "Mailsploit" vulnerability and other
      vulnerabilities detected by the "Cure53" audit
    MFSA 2017-30
    * CVE-2017-7845 (bmo#1402372)
      Buffer overflow when drawing and validating elements with ANGLE
      library using Direct 3D 9
    * CVE-2017-7846 (bmo#1411716, bsc#1074043)
      JavaScript Execution via RSS in mailbox:// origin
    * CVE-2017-7847 (bmo#1411708, bsc#1074044)
      Local path string can be leaked from RSS feed
    * CVE-2017-7848 (bmo#1411699, bsc#1074045)
      RSS Feed vulnerable to new line Injection
    * CVE-2017-7829 (bmo#1423432, bsc#1074046)
      Mailsploit part 1: From address with encoded null character is
      cut off in message header display
* Fri Dec 08 2017 dimstar@opensuse.org
  - Explicitly buildrequires python2-xml: The build system relies on
    it. We wrongly relied on other packages pulling it in for us.
* Thu Dec 07 2017 dimstar@opensuse.org
  - Escape the usage of %{VERSION} when calling out to rpm.
    RPM 4.14 has %{VERSION} defined as 'the main packages version'.
* Wed Nov 22 2017 wr@rosenauer.org
  - update to Thunderbird 52.5.0 (bsc#1068101)
    * Better support for Charter/Spectrum IMAP: Thunderbird will now
      detect Charter's IMAP service and send an additional IMAP select
      command to the server. Check the various preferences ending in
      "force_select" to see whether auto-detection has discovered this case.
    * In search folders spanning multiple base folders clicking on a
      message sometimes marked another message as read
    * IMAP alerts have been corrected and now show the correct server
      name in case of connection problems
    * POP alerts have been corrected and now indicate connection problems
      in case the configured POP server cannot be found
    MFSA 2017-26
    * CVE-2017-7828 (bmo#1406750. bmo#1412252)
      Use-after-free of PressShell while restyling layout
    * CVE-2017-7830 (bmo#1408990)
      Cross-origin URL information leak through Resource Timing API
    * CVE-2017-7826
      Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5
* Fri Nov 10 2017 zaitor@opensuse.org
  - Drop obsolete libgnomeui-devel BuildRequires: No longer needed.
  - Add explicit pkgconfig(gconf-2.0), pkgconfig(gobject-2.0),
    pkgconfig(gtk+-2.0), pkgconfig(gtk+-unix-print-2.0),
    pkgconfig(glib-2.0), pkgconfig(gobject-2.0) and
    pkgconfig(gdk-x11-2.0) BuildRequires: Previously pulled in by
    libgnomeui-devel, and is what configure really checks for.
* Wed Oct 04 2017 astieger@suse.com
  - Mozilla Thunderbird 52.4.0 (bsc#1060445)
    * new behavior was introduced for replies to mailing list posts:
      "When replying to a mailing list, reply will be sent to address
      in From header ignoring Reply-to header". A new preference
      mail.override_list_reply_to allows to restore the previous behavior.
    * Under certain circumstances (image attachment and non-image
      attachment), attached images were shown truncated in messages
      stored in IMAP folders not synchronised for offline use.
    * IMAP UIDs > 0x7FFFFFFF now handled properly
    Security fixes from Gecko 52.4esr
    * CVE-2017-7793 (bmo#1371889)
      Use-after-free with Fetch API
    * CVE-2017-7818 (bmo#1363723)
      Use-after-free during ARIA array manipulation
    * CVE-2017-7819 (bmo#1380292)
      Use-after-free while resizing images in design mode
    * CVE-2017-7824 (bmo#1398381)
      Buffer overflow when drawing and validating elements with ANGLE
    * CVE-2017-7805 (bmo#1377618) (fixed via NSS requirement)
      Use-after-free in TLS 1.2 generating handshake hashes
    * CVE-2017-7814 (bmo#1376036)
      Blob and data URLs bypass phishing and malware protection warnings
    * CVE-2017-7825 (bmo#1393624, bmo#1390980) (OSX-only)
      OS X fonts render some Tibetan and Arabic unicode characters as spaces
    * CVE-2017-7823 (bmo#1396320)
      CSP sandbox directive did not create a unique origin
    * CVE-2017-7810
      Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4
* Thu Sep 28 2017 dimstar@opensuse.org
  - Add alsa-devel BuildRequires: we care for ALSA support to be
    built and thus need to ensure we get the dependencies in place.
    In the past, alsa-devel was pulled in by accident: we
    buildrequire libgnome-devel. This required esound-devel and that
    in turn pulled in alsa-devel for us. libgnome is being fixed to
    no longer require esound-devel.
* Tue Aug 15 2017 wr@rosenauer.org
  - update to Thunderbird 52.3 (boo#1052829)
    Fixed issues:
    * Unwanted inline images shown in rogue SPAM messages
    * Deleting message from the POP3 server not working when maildir
      storage was used
    * Message disposition flag (replied / forwarded) lost when reply or
      forwarded message was stored as draft and draft was sent later
    * Inline images not scaled to fit when printing
    * Selected text from another message sometimes included in a reply
    * No authorisation prompt displayed when inserting image into email
      body although image URL requires authentication
    * Large attachments taking a long time to open under some circumstances
    security
    Security fixes from Gecko 52.3esr
    * CVE-2017-7798 (bmo#1371586, bmo#1372112)
      XUL injection in the style editor in devtools
    * CVE-2017-7800 (bmo#1374047)
      Use-after-free in WebSockets during disconnection
    * CVE-2017-7801 (bmo#1371259)
      Use-after-free with marquee during window resizing
    * CVE-2017-7784 (bmo#1376087)
      Use-after-free with image observers
    * CVE-2017-7802 (bmo#1378147)
      Use-after-free resizing image elements
    * CVE-2017-7785 (bmo#1356985)
      Buffer overflow manipulating ARIA attributes in DOM
    * CVE-2017-7786 (bmo#1365189)
      Buffer overflow while painting non-displayable SVG
    * CVE-2017-7753 (bmo#1353312)
      Out-of-bounds read with cached style data and pseudo-elements#
    * CVE-2017-7787 (bmo#1322896)
      Same-origin policy bypass with iframes through page reloads
    * CVE-2017-7807 (bmo#1376459)
      Domain hijacking through AppCache fallback
    * CVE-2017-7792 (bmo#1368652)
      Buffer overflow viewing certificates with an extremely long OID
    * CVE-2017-7804 (bmo#1372849)
      Memory protection bypass through WindowsDllDetourPatcher
    * CVE-2017-7791 (bmo#1365875)
      Spoofing following page navigation with data: protocol and modal alerts
    * CVE-2017-7782 (bmo#1344034)
      WindowsDllDetourPatcher allocates memory without DEP protections
    * CVE-2017-7803 (bmo#1377426)
      CSP containing 'sandbox' improperly applied
    * CVE-2017-7779
      Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3
* Wed Aug 09 2017 schwab@suse.de
  - mozilla-ucontext.patch: use ucontext_t instead of struct ucontext
* Wed Jun 28 2017 guillaume@opensuse.org
  - mozilla-disable-neon-option.patch has been dropped silently, so
    remove the --disable-neon option as it is not available anymore.
* Sun Jun 25 2017 wr@rosenauer.org
  - update to Thunderbird 52.2.1
    * Problems with Gmail fixed (folders not showing, repeated email
      download, etc.) introduced in version 52.2.0. (boo#1045895)
* Wed Jun 14 2017 wr@rosenauer.org
  - update to Thunderbird 52.2 (boo#1043960)
    * Embedded images not shown in email received from Hotmail/Outlook
      webmailer
    * Detection of non-ASCII font names in font selector
    * Attachment not forwarded correctly under certain circumstances
    * Multiple requests for master password when GMail OAuth2 is enabled
    * Large number of blank pages being printed under certain
      circumstances when invalid preferences were present
    * Messages sent via the Simple MAPI interface are forced to HTML
    * Calendar: Invitations can't be printed
    * Mailing list (group) not accessible from macOS or Outlook address book
    * Clicking on links with references/anchors where target doesn't
      exist in the message not opening in external browser
    MFSA 2017-17
    * CVE-2017-5472 (bmo#1365602)
      Use-after-free using destroyed node when regenerating trees
    * CVE-2017-7749 (bmo#1355039)
      Use-after-free during docshell reloading
    * CVE-2017-7750 (bmo#1356558)
      Use-after-free with track elements
    * CVE-2017-7751 (bmo#1363396)
      Use-after-free with content viewer listeners
    * CVE-2017-7752 (bmo#1359547)
      Use-after-free with IME input
    * CVE-2017-7754 (bmo#1357090)
      Out-of-bounds read in WebGL with ImageInfo object
    * CVE-2017-7756 (bmo#1366595)
      Use-after-free and use-after-scope logging XHR header errors
    * CVE-2017-7757 (bmo#1356824)
      Use-after-free in IndexedDB
    * CVE-2017-7778, CVE-2017-7778, CVE-2017-7771, CVE-2017-7772,
      CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776,
      CVE-2017-7777
      Vulnerabilities in the Graphite 2 library
    * CVE-2017-7758 (bmo#1368490)
      Out-of-bounds read in Opus encoder
    * CVE-2017-7763 (bmo#1360309)
      Mac fonts render some unicode characters as spaces (MacOS only)
    * CVE-2017-7764 (bmo#1364283)
      Domain spoofing with combination of Canadian Syllabics and other
      unicode blocks
    * CVE-2017-7765 (bmo#1273265)
      Mark of the Web bypass when saving executable files (Windows only)
    * CVE-2017-5470
      Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2
  - requires NSS 3.28.5
* Sun Jun 04 2017 wr@rosenauer.org
  - remove legacy -Os optimization breaking gcc7/i586 (boo#1042090)
* Thu Jun 01 2017 wr@rosenauer.org
  - explicitely optimize with -O2 for openSUSE > 13.2/Leap 42 to work
    with gcc7 (boo#1040105, boo#1042090)
* Thu May 11 2017 wr@rosenauer.org
  - update to Thunderbird 52.1.1
    * fixed crash when compacting IMAP folder (boo#1038753)
    * Some attachments could not be opened or saved if the message
      body is empty
    * Unable to load full message via POP if message was downloaded
      partially (or only headers) before
    * Large attachments may not be shown or saved correctly if the
      message is stored in an IMAP folder which is not synchronized
      for offline use
* Mon May 01 2017 wr@rosenauer.org
  - update to Thunderbird 52.1.0
    * Background images not working and other issues related to
      embedded images when composing email have been fixed
    * Google Oauth setup can sometimes not progress to the next step
    * requires NSS >= 3.28.4
  - security fixes (boo#1035082), MFSA 2017-13
    * CVE-2017-5443 (bmo#1342661)
      Out-of-bounds write during BinHex decoding
    * CVE-2017-5429 (bmo#1341096, bmo#1342823, bmo#1343261, bmo#1348894,
      bmo#1348941, bmo#1349340, bmo#1350844, bmo#1352926, bmo#1353088)
      Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and
      Firefox ESR 52.1
    * CVE-2017-5464 (bmo#1347075)
      Memory corruption with accessibility and DOM manipulation
    * CVE-2017-5465 (bmo#1347617)
      Out-of-bounds read in ConvolvePixel
    * CVE-2017-5466 (bmo#1353975)
      Origin confusion when reloading isolated data:text/html URL
    * CVE-2017-5467 (bmo#1347262)
      Memory corruption when drawing Skia content
    * CVE-2017-5460 (bmo#1343642)
      Use-after-free in frame selection
    * CVE-2017-5461 (bmo#1344380)
      Out-of-bounds write in Base64 encoding in NSS
    * CVE-2017-5449 (bmo#1340127)
      Crash during bidirectional unicode manipulation with animation
    * CVE-2017-5446 (bmo#1343505)
      Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data
    * CVE-2017-5447 (bmo#1343552)
      Out-of-bounds read during glyph processing
    * CVE-2017-5444 (bmo#1344461)
      Buffer overflow while parsing application/http-index-format content
    * CVE-2017-5445 (bmo#1344467)
      Uninitialized values used while parsing application/http-index-format
      content
    * CVE-2017-5442 (bmo#1347979)
      Use-after-free during style changes
    * CVE-2017-5469 (bmo#1292534)
      Potential Buffer overflow in flex-generated code
    * CVE-2017-5440 (bmo#1336832)
      Use-after-free in txExecutionState destructor during XSLT processing
    * CVE-2017-5441 (bmo#1343795)
      Use-after-free with selection during scroll events
    * CVE-2017-5439 (bmo#1336830)
      Use-after-free in nsTArray Length() during XSLT processing
    * CVE-2017-5438 (bmo#1336828)
      Use-after-free in nsAutoPtr during XSLT processing
    * CVE-2017-5437 (bmo#1343453)
      Vulnerabilities in Libevent library
    * CVE-2017-5436 (bmo#1345461)
      Out-of-bounds write with malicious font in Graphite 2
    * CVE-2017-5435 (bmo#1350683)
      Use-after-free during transaction processing in the editor
    * CVE-2017-5434 (bmo#1349946)
      Use-after-free during focus handling
    * CVE-2017-5433 (bmo#1347168)
      Use-after-free in SMIL animation functions
    * CVE-2017-5432 (bmo#1346654)
      Use-after-free in text input selection
    * CVE-2017-5430 (bmo#1329796, bmo#1337418, bmo#1339722, bmo#1340482,
      bmo#1342101, bmo#1344081, bmo#1344305, bmo#1344686, bmo#1346140,
      bmo#1346419, bmo#1348143, bmo#1349621, bmo#1349719, bmo#1353476)
      Memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1
    * CVE-2017-5459 (bmo#1333858)
      Buffer overflow in WebGL
    * CVE-2017-5462 (bmo#1345089)
      DRBG flaw in NSS
    * CVE-2017-5454 (bmo#1349276)
      Sandbox escape allowing file system read access through file
      picker
    * CVE-2017-5451 (bmo#1273537)
      Addressbar spoofing with onblur event
* Mon Apr 17 2017 wr@rosenauer.org
  - update to Thunderbird 52.0.1
    * Clicking on a link in an email may not open this link in the
      external browser
    * addon blocklist updates
  - enable ALSA for systems w/o PA
  - require libffi explicitely to fix PPC64LE build where a system
    library is required
* Sat Mar 18 2017 wr@rosenauer.org
  - update to Thunderbird 52.0
    * Optionally remove corresponding data files when removing an account
    * Possibility to copy message filter
    * Calendar: Event can now be created and edited in a tab
    * Calendar: Processing of received invitation counter proposals
    * Chat: Support Twitter Direct Messages
    * Chat: Liking and favoriting in Twitter
    * Chat: Removed Yahoo! Messenger support
    * serveral bugfixes
  - security fixes (bsc#1028391, MFSA 2017-09):
    In general, these flaws cannot be exploited through email because
    scripting is disabled when reading mail, but are potentially
    risks in browser or browser-like contexts.
    * CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP (bmo#1334933)
    * CVE-2017-5401: Memory Corruption when handling ErrorResult (bmo#1328861)
    * CVE-2017-5402: Use-after-free working with events in FontFace objects (bmo#1334876)
    * CVE-2017-5403: Use-after-free using addRange to add range to an incorrect root object (bmo#1340186)
    * CVE-2017-5404: Use-after-free working with ranges in selections (bmo#1340138)
    * CVE-2017-5406: Segmentation fault in Skia with canvas operations (bmo#1306890)
    * CVE-2017-5407: Pixel and history stealing via floating-point timing side channel with SVG filters (bmo#1336622)
    * CVE-2017-5410: Memory corruption during JavaScript garbage collection incremental sweeping (bmo#1330687)
    * CVE-2017-5408: Cross-origin reading of video captions in violation of CORS (bmo#1313711)
    * CVE-2017-5412: Buffer overflow read in SVG filters (bmo#1328323)
    * CVE-2017-5413: Segmentation fault during bidirectional operations (bmo#1337504)
    * CVE-2017-5414: File picker can choose incorrect default directory (bmo#1319370)
    * CVE-2017-5416: Null dereference crash in HttpChannel (bmo#1328121)
    * CVE-2017-5426: Gecko Media Plugin sandbox is not started if seccomp-bpf filter is running (bmo#1257361)
    * CVE-2017-5418: Out of bounds read when parsing HTTP digest authorization responses (bmo#1338876)
    * CVE-2017-5419: Repeated authentication prompts lead to DOS attack (bmo#1312243)
    * CVE-2017-5405: FTP response codes can cause use of uninitialized values for ports (bmo#1336699)
    * CVE-2017-5421: Print preview spoofing (bmo#1301876)
    * CVE-2017-5422: DOS attack by using view-source: protocol repeatedly in one hyperlink (bmo#1295002)
    * CVE-2017-5399: Memory safety bugs fixed in Thunderbird 52
    * CVE-2017-5398: Memory safety bugs fixed in Thunderbird 52 and Thunderbird 45.8
  - removed obsolete patches
    * mozilla-aarch64-48bit-va.patch
    * mozilla-binutils-visibility.patch
    * mozilla-flex_buffer_overrun.patch
    * mozilla-gcc6.patch
  - added generic mozilla patches
    * mozilla-aarch64-startup-crash.patch
  - require newer versions of NSPR and NSS
  - use Gtk3 for Tumbleweed
* Tue Mar 07 2017 wr@rosenauer.org
  - update to Thunderbird 45.8.0 (boo#1028391)
    * MFSA 2017-07
      CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP
      (bmo#1334933)
      CVE-2017-5401: Memory Corruption when handling ErrorResult
      (bmo#1328861)
      CVE-2017-5402: Use-after-free working with events in FontFace
      objects (bmo#1334876)
      CVE-2017-5404: Use-after-free working with ranges in selections
      (bmo#1340138)
      CVE-2017-5407: Pixel and history stealing via floating-point
      timing side channel with SVG filters (bmo#1336622)
      CVE-2017-5410: Memory corruption during JavaScript garbage
      collection incremental sweeping (bmo#1330687)
      CVE-2017-5408: Cross-origin reading of video captions in violation
      of CORS (bmo#1313711)
      CVE-2017-5405: FTP response codes can cause use of
      uninitialized values for ports (bmo#1336699)
      CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and
      Firefox ESR 45.8
* Thu Feb 09 2017 wr@rosenauer.org
  - update to Thunderbird 45.7.1
    * fixed Crash when viewing certain IMAP messages (introduced in 45.7.0)
* Tue Jan 24 2017 wr@rosenauer.org
  - update to Thunderbird 45.7.0
    * Message preview pane non-functional after IMAP folder was renamed
      or moved
    * "Move To" button on "Search Messages" panel not working
    * Message sent to "undisclosed recipients" shows no recipient
      (non-functional since Thunderbird version 38)
    * Security updates from MFSA 2017-03 (Gecko 45.7.0) boo#1021991.
      In general, these flaws cannot be exploited through email in
      Thunderbird because scripting is disabled when reading mail,
      but are potentially risks in browser or browser-like contexts:
      CVE-2017-5375: Excessive JIT code allocation allows bypass of
      ASLR and DEP (bmo#1325200, boo#1021814)
      CVE-2017-5376: Use-after-free in XSL (bmo#1311687, boo#1021817)
      CVE-2017-5378: Pointer and frame data leakage of Javascript objects
      (bmo#1312001, bmo#1330769, boo#1021818)
      CVE-2017-5380: Potential use-after-free during DOM manipulations
      (bmo#1322107, boo#1021819)
      CVE-2017-5390: Insecure communication methods in Developer Tools
      JSON viewer (bmo#1297361, boo#1021820)
      CVE-2017-5396: Use-after-free with Media Decoder
      (bmo#1329403, boo#1021821)
      CVE-2017-5383: Location bar spoofing with unicode characters
      (bmo#1323338, bmo#1324716, boo#1021822)
      CVE-2017-5373: Memory safety bugs fixed in Thunderbird 45.7
      (boo#1021824)
* Thu Dec 29 2016 wr@rosenauer.org
  - update to Thunderbird 45.6.0 (boo#1015422)
    * The system integration dialog was shown every time when starting
      Thunderbird
    * MFSA 2016-96
      CVE-2016-9899: Use-after-free while manipulating DOM events and
      audio elements (bmo#1317409)
      CVE-2016-9895: CSP bypass using marquee tag (bmo#1312272)
      CVE-2016-9897: Memory corruption in libGLES (bmo#1301381)
      CVE-2016-9898: Use-after-free in Editor while manipulating DOM
      subtrees (bmo#1314442)
      CVE-2016-9900: Restricted external resources can be loaded by
      SVG images through data URLs (bmo#1319122)
      CVE-2016-9904: Cross-origin information leak in shared atoms
      (bmo#1317936)
      CVE-2016-9905: Crash in EnumerateSubDocuments (bmo#1293985)
      CVE-2016-9893: Memory safety bugs fixed in Thunderbird 45.6
* Thu Dec 01 2016 astieger@suse.com
  - Mozilla Thunderbird 45.5.1:
    * CVE-2016-9079: SVG Animation Remote Code Execution
      (MFSA 2016-92, bsc#1012964, bmo#1321066)
* Sat Nov 19 2016 astieger@suse.com
  - Mozilla Thunderbird 45.5.0 (boo#1009026)
    * Fixes for security flaws that cannot be exploited through email
      because scripting is disabled when reading mail, but are
      potentially risks in browser or browser-like contexts:
      CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1
      (bsc#1010411)
      CVE-2016-5297: Incorrect argument length checking in Javascript
      (bsc#1010401)
      CVE-2016-9066: Integer overflow leading to a buffer overflow in
      nsScriptLoadHandler (bsc#1010404)
      CVE-2016-5291: Same-origin policy violation using local HTML file
      and saved shortcut file (bsc#1010410)
      CVE-2016-5290: Memory safety bugs fixed in Thunderbird ESR 45.5
      (bsc#1010427)
  - Changed behavior:
    * Changed recipient address entry: Arrow-keys now copy the pop-up
      value to the input field. Mouse-hovered pop-up value can no
      longer be confirmed with tab or enter key. This restores the
      behavior of Thunderbird 24.
    * Support changes to character limit in Twitter
  - Bugs fixed:
    * Reply with selected text containing quote resulted in wrong
      quoting level indication
    * Email invitation might not be displayed when description
      contains non-ASCII characters
    * Attempting to sort messages on the Date field whilst a quick
      filter is applied got stuck on sort descending
    * Mail address display at header pane displayed incorrectly if
      the address contains UTF-8 according to RFC 6532
* Sat Oct 01 2016 wr@rosenauer.org
  - update to Thunderbird 45.4.0 (boo#999701)
    * Display name was truncated if no separating space before email
      address.
    * Recipient addresses were shown in wrong color in some circumstances.
    * Additional spaces were inserted when drafts were edited.
    * Mail saved as template copied In-Reply-To and References from
      original email.
    * Threading broken when editing message draft, due to loss of Message-ID
    * "Apply columns to..." did not honor special folders
* Tue Aug 30 2016 wr@rosenauer.org
  - update to Thunderbird 45.3.0 (boo#991809)
    * Disposition-Notification-To could not be used in
      mail.compose.other.header
    * "edit as new message" on a received message pre-filled the sender
      as the composing identity.
    * Certain messages caused corruption of the drafts summary database.
    security fixes:
    * MFSA 2016-62/CVE-2016-2836
      Miscellaneous memory safety hazards
    * MFSA 2016-63/CVE-2016-2830 (bmo#1255270)
      Favicon network connection can persist when page is closed
    * MFSA 2016-64/CVE-2016-2838 (bmo#1279814)
      Buffer overflow rendering SVG with bidirectional content
    * MFSA 2016-65/CVE-2016-2839 (bmo#1275339)
      Cairo rendering crash due to memory allocation issue with FFmpeg 0.10
    * MFSA 2016-67/CVE-2016-5252 (bmo#1268854)
      Stack underflow during 2D graphics rendering
    * MFSA 2016-70/CVE-2016-5254 (bmo#1266963)
      Use-after-free when using alt key and toplevel menus
    * MFSA 2016-72/CVE-2016-5258 (bmo#1279146)
      Use-after-free in DTLS during WebRTC session shutdown
    * MFSA 2016-73/CVE-2016-5259 (bmo#1282992)
      Use-after-free in service workers with nested sync events
    * MFSA 2016-76/CVE-2016-5262 (bmo#1277475)
      Scripts on marquee tag can execute in sandboxed iframes
    * MFSA 2016-77/CVE-2016-2837 (bmo#1274637)
      Buffer overflow in ClearKey Content Decryption Module (CDM)
      during video playback
    * MFSA 2016-78/CVE-2016-5263 (bmo#1276897)
      Type confusion in display transformation
    * MFSA 2016-79/CVE-2016-5264 (bmo#1286183)
      Use-after-free when applying SVG effects
    * MFSA 2016-80/CVE-2016-5265 (bmo#1278013)
      Same-origin policy violation using local HTML file and saved shortcut file
* Fri Aug 05 2016 pcerny@suse.com
  - Fix for possible buffer overrun (bsc#990856)
    CVE-2016-6354 (bmo#1292534)
    [mozilla-flex_buffer_overrun.patch]
* Thu Jul 21 2016 mailaender@opensuse.org
  - add a screenshot to appdata.xml
* Thu Jun 30 2016 wr@rosenauer.org
  - update to Thunderbird 45.2 (boo#983549)
    Security fixes:
    * CVE-2016-2818, CVE-2016-2815: Memory safety bugs (MFSA2016-49)
  - drop mozilla-flexible-array-member-in-union.patch, upstream
* Fri Jun 24 2016 wr@rosenauer.org
  - mozilla-binutils-visibility.patch to fix build issues with
    gcc/binutils combination used in Leap 42.2 (boo#984637)
* Thu Jun 23 2016 wr@rosenauer.org
  - build with -fno-delete-null-pointer-checks for Tumbleweed/gcc6
    as long as underlying issues have been addressed upstream
    (boo#986162)
* Mon Jun 13 2016 agraf@suse.com
  - Fix running on 48bit va aarch64 (bsc#984126)
    - Add patch mozilla-aarch64-48bit-va.patch
* Fri May 27 2016 wr@rosenauer.org
  - update to Thunderbird 45.1.1
    * When entering members into a mailing list, the enter key
      dismissed the panel instead of just moving onto the next line
    * Email without HTML elements was sent as HTML, despite
      "Delivery Format: Auto-detect" option
    * Options applied to a template were lost when the template was used
    * Contacts could not be deleted when they were found through a search
    * Views from global searches did not respect
      "mail.threadpane.use_correspondents"
* Wed May 25 2016 badshah400@gmail.com
  - The conditional testing for gcc was failing for different
    openSUSE versions, drop it and apply patches unconditionally.
* Tue May 24 2016 badshah400@gmail.com
  - Add patches to fix building with gcc >= 6:
    + mozilla-gcc6.patch: patch taken from fedora's git and is
      essentially identical to upstream firefox patch:
      https://hg.mozilla.org/mozilla-central/rev/55212130f19d.
    + mozilla-flexible-array-member-in-union.patch: patch taken
      from upstream bmo#1272649.
* Thu May 12 2016 dimstar@opensuse.org
  - Copy the icons to /usr/share/icons instead of symlinking them:
    in preparation for containerized apps (e.g. xdg-app) as well as
    AppStream metadata extraction, there are a couple locations that
    need to be real files for system integration (.desktop files,
    icons, mime-type info).
* Sat May 07 2016 wr@rosenauer.org
  - update to Thunderbird 45.1.0 (boo#977333)
    * MFSA 2016-39/CVE-2016-2806/CVE-2016-2807 (boo#977375, boo#977376)
      Miscellaneous memory safety hazards
* Wed Apr 27 2016 badshah400@gmail.com
  - For openSUSE > 13.2, the build fails for i586 as it goes out of
    memory. Prevent this from happening by disabing parallel build
    in this particular case (i.e. do not pass
    mk_add_options MOZ_MAKE_FLAGS%{?jobs:-j%jobs}).
* Sat Apr 16 2016 wr@rosenauer.org
  - update to Thunderbird 45.0 (boo#969894)
    * Add a Correspondents column combining Sender and Recipient
    * Much better support for XMPP chatrooms and commands
    * Remote content exceptions: Improved options to add exceptions
    * Implement option to always use HTML formatting to prevent
      unexpected format loss when converting messages to plain text
    * Use OpenStreetmap for maps (even allow the user to choose from
      list of map services)
    * Allow spell checking and dictionary selection in the subject line
    * Allow editing of From when composing a message
    * Add dropdown in compose to allow specific setting of font size
    * Return/Enter in composer will now insert a new paragraph by
      default (shift-Enter will insert a line break)
    * Allow copying of name and email address from the message header
      of an email
    * Mail.ru supports OAuth authentication
    * MFSA 2016-16/CVE-2016-1952/CVE-2016-1953
      Miscellaneous memory safety hazards
    * MFSA 2016-17/CVE-2016-1954 (bmo#1243178)
      Local file overwriting and potential privilege escalation through
      CSP reports
    * MFSA 2016-18/CVE-2016-1955 (bmo#1208946)
      CSP reports fail to strip location information for embedded iframe pages
    * MFSA 2016-19/CVE-2016-1956 (bmo#1199923)
      Linux video memory DOS with Intel drivers
    * MFSA 2016-20/CVE-2016-1957 (bmo#1227052)
      Memory leak in libstagefright when deleting an array during MP4
      processing
    * MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014)
      Use-after-free in HTML5 string parser
    * MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377)
      Use-after-free in SetBody
    * MFSA 2016-27/CVE-2016-1964 (bmo#1243335)
      Use-after-free during XML transformations
    * MFSA 2016-34/CVE-2016-1974 (bmo#1228103)
      Out-of-bounds read in HTML parser following a failed allocation
    * MFSA 2016-35/CVE-2016-1950 (bmo#1245528)
      Buffer overflow during ASN.1 decoding in NSS
      (fixed by requiring 3.21.1)
    * MFSA 2016-36/CVE-2016-1979 (bmo#1185033)
      Use-after-free during processing of DER encoded keys in NSS
      (fixed by requiring 3.21.1)
    * MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/
      CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/
      CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/
      CVE-2016-2800/CVE-2016-2801/CVE-2016-2802
      Font vulnerabilities in the Graphite 2 library
  - remove obsolete patches:
    * mozilla-arm-disable-edsp.patch
    * mozilla-icu-strncat.patch
    * mozilla-arm64-libjpeg-turbo.patch
  - added required mozilla platform patches:
    * mozilla-no-stdcxx-check.patch
* Wed Apr 06 2016 astieger@suse.com
  - update to Thunderbird 38.7.2
    * disable Graphite font shaping library (same upstream changelog
      as 38.7.1)
* Fri Mar 25 2016 wr@rosenauer.org
  - update to Thunderbird 38.7.1
    * disabled Graphite font shaping library
* Fri Mar 11 2016 wr@rosenauer.org
  - update to Thunderbird 38.7.0 (boo#969894)
    * MFSA 2015-81/CVE-2015-4477 (bmo#1179484)
      Use-after-free in MediaStream playback
    * MFSA 2015-136/CVE-2015-7207 (bmo#1185256)
      Same-origin policy violation using performance.getEntries and
      history navigation
    * MFSA 2016-16/CVE-2016-1952
      Miscellaneous memory safety hazards
    * MFSA 2016-17/CVE-2016-1954 (bmo#1243178)
      Local file overwriting and potential privilege escalation through
      CSP reports
    * MFSA 2016-20/CVE-2016-1957 (bmo#1227052)
      Memory leak in libstagefright when deleting an array during MP4
      processing
    * MFSA 2016-21/CVE-2016-1958 (bmo#1228754)
      Displayed page address can be overridden
    * MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014)
      Use-after-free in HTML5 string parser
    * MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377)
      Use-after-free in SetBody
    * MFSA 2016-25/CVE-2016-1962 (bmo#1240760)
      Use-after-free when using multiple WebRTC data channels
    * MFSA 2016-27/CVE-2016-1964 (bmo#1243335)
      Use-after-free during XML transformations
    * MFSA 2016-28/CVE-2016-1965 (bmo#1245264)
      Addressbar spoofing though history navigation and Location protocol
      property
    * MFSA 2016-31/CVE-2016-1966 (bmo#1246054)
      Memory corruption with malicious NPAPI plugin
    * MFSA 2016-34/CVE-2016-1974 (bmo#1228103)
      Out-of-bounds read in HTML parser following a failed allocation
    * MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/
      CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/
      CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/
      CVE-2016-2800/CVE-2016-2801/CVE-2016-2802
      Font vulnerabilities in the Graphite 2 library
* Fri Feb 26 2016 astieger@suse.com
  - adjust _constraints to current peak build memory and disk usage
* Sat Feb 13 2016 wr@rosenauer.org
  - update to Thunderbird 38.6.0 (boo#963520)
    * Filters ran on a different folder than selected
    * MFSA 2016-01/CVE-2016-1930
      Miscellaneous memory safety hazards
    * MFSA 2016-03/CVE-2016-1935 (bmo#1220450)
      Buffer overflow in WebGL after out of memory allocation
* Mon Jan 25 2016 olaf@aepfle.de
  - Using -g for CFLAGS is controlled via project settings, it should
    not be enforced by the mozilla buildsystem.
* Mon Jan 18 2016 olaf@aepfle.de
  - Add build conditionals for valgrind and -Os
  - Convert existing conditions for kde to bcond
* Tue Dec 29 2015 wr@rosenauer.org
  - update to Thunderbird 38.5.1
    * requires NSS 3.20.2 to fix
      MFSA 2015-150/CVE-2015-7575 (bmo#1158489)
      MD5 signatures accepted within TLS 1.2 ServerKeyExchange in
      server signature
  - explicitely require libXcomposite-devel
* Wed Dec 23 2015 wr@rosenauer.org
  - update to Thunderbird 38.5.0 (bnc#959277)
    * MFSA 2015-134/CVE-2015-7201
      Miscellaneous memory safety hazards
    * MFSA 2015-138/CVE-2015-7210 (bmo#1218326)
      Use-after-free in WebRTC when datachannel is used after being
      destroyed
    * MFSA 2015-139/CVE-2015-7212 (bmo#1222809)
      Integer overflow allocating extremely large textures
    * MFSA 2015-145/CVE-2015-7205 (bmo#1220493)
      Underflow through code inspection
    * MFSA 2015-146/CVE-2015-7213 (bmo#1206211)
      Integer overflow in MP4 playback in 64-bit versions
    * MFSA 2015-147/CVE-2015-7222 (bmo#1216748)
      Integer underflow and buffer overflow processing MP4 metadata in
      libstagefright
    * MFSA 2015-149/CVE-2015-7214 (bmo#1228950)
      Cross-site reading attack through data and view-source URIs
* Tue Nov 17 2015 wr@rosenauer.org
  - update to Thunderbird 38.4.0 (bnc#952810)
    * MFSA 2015-116/CVE-2015-4513/CVE-2015-4514
      Miscellaneous memory safety hazards
    * MFSA 2015-122/CVE-2015-7188 (bmo#1199430)
      Trailing whitespace in IP address hostnames can bypass same-origin policy
    * MFSA 2015-123/CVE-2015-7189 (bmo#1205900)
      Buffer overflow during image interactions in canvas
    * MFSA 2015-127/CVE-2015-7193 (bmo#1210302)
      CORS preflight is bypassed when non-standard Content-Type headers
      are received
    * MFSA 2015-128/CVE-2015-7194 (bmo#1211262)
      Memory corruption in libjar through zip files
    * MFSA 2015-130/CVE-2015-7196 (bmo#1140616)
      JavaScript garbage collection crash with Java applet
    * MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200
      (bmo#1188010, bmo#1204061, bmo#1204155)
      Vulnerabilities found through code inspection
    * MFSA 2015-132/CVE-2015-7197 (bmo#1204269)
      Mixed content WebSocket policy bypass through workers
    * MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183
      (bmo#1202868, bmo#1205157)
      NSS and NSPR memory corruption issues
      (fixed in mozilla-nspr and mozilla-nss packages)
  - requires NSPR 4.10.10 and NSS 3.19.2.1
  - added explicit appdata provides (bnc#952325)
* Mon Oct 05 2015 dmueller@suse.com
  - fix build on aarch64 by reusing the crashreporter conditional
    from MozillaFirefox
* Mon Sep 28 2015 wr@rosenauer.org
  - update to Thunderbird 38.3.0 (bnc#947003)
    * MFSA 2015-96/CVE-2015-4500
      Miscellaneous memory safety hazards
    * MFSA 2015-100/CVE-2015-4505 (bmo#1177861) (Windows only)
      Arbitrary file manipulation by local user through Mozilla updater
    * MFSA 2015-101/CVE-2015-4506 (bmo#1192226)
      Buffer overflow in libvpx while parsing vp9 format video
    * MFSA 2015-105/CVE-2015-4511 (bmo#1200148)
      Buffer overflow while decoding WebM video
    * MFSA 2015-106/CVE-2015-4509 (bmo#1198435)
      Use-after-free while manipulating HTML media content
    * MFSA 2015-110/CVE-2015-4519 (bmo#1189814)
      Dragging and dropping images exposes final URL after redirects
    * MFSA 2015-111/CVE-2015-4520 (bmo#1200856, bmo#1200869)
      Errors in the handling of CORS preflight request headers
    * MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522/
      CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177/
      CVE-2015-7180
      Vulnerabilities found through code inspection
    * MFSA 2015-113/CVE-2015-7178/CVE-2015-7179 (bmo#1189860,
      bmo#1190526) (Windows only)
      Memory safety errors in libGLES in the ANGLE graphics library
  - rebased patches
* Sat Aug 15 2015 wr@rosenauer.org
  - update to Thunderbird 38.2.0 (bnc#940806)
    * MFSA 2015-79/CVE-2015-4473
      Miscellaneous memory safety hazards
    * MFSA 2015-80/CVE-2015-4475 (bmo#1175396)
      Out-of-bounds read with malformed MP3 file
    * MFSA 2015-82/CVE-2015-4478 (bmo#1105914)
      Redefinition of non-configurable JavaScript object properties
    * MFSA 2015-83/CVE-2015-4479/CVE-2015-4480/CVE-2015-4493
      Overflow issues in libstagefright
    * MFSA 2015-84/CVE-2015-4481 (bmo1171518)
      Arbitrary file overwriting through Mozilla Maintenance Service
      with hard links (only affected Windows)
    * MFSA 2015-85/CVE-2015-4482 (bmo#1184500)
      Out-of-bounds write with Updater and malicious MAR file
      (does not affect openSUSE RPM packages which do not ship the
      updater)
    * MFSA 2015-87/CVE-2015-4484 (bmo#1171540)
      Crash when using shared memory in JavaScript
    * MFSA 2015-88/CVE-2015-4491 (bmo#1184009)
      Heap overflow in gdk-pixbuf when scaling bitmap images
    * MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 (bmo#1177948, bmo#1178148)
      Buffer overflows on Libvpx when decoding WebM video
    * MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489
      Vulnerabilities found through code inspection
    * MFSA 2015-92/CVE-2015-4492 (bmo#1185820)
      Use-after-free in XMLHttpRequest with shared workers
* Wed Jul 08 2015 wr@rosenauer.org
  - update to Thunderbird 38.1.0 (bnc#935979)
    * MFSA 2015-59/CVE-2015-2724/CVE-2015-2725
      Miscellaneous memory safety hazards
    * MFSA 2015-60/CVE-2015-2727 (bmo#1163422)
      Local files or privileged URLs in pages can be opened into new tabs
    * MFSA 2015-61/CVE-2015-2728 (bmo#1142210)
      Type confusion in Indexed Database Manager
    * MFSA 2015-62/CVE-2015-2729 (bmo#1122218)
      Out-of-bound read while computing an oscillator rendering range in Web Audio
    * MFSA 2015-63/CVE-2015-2731 (bmo#1149891)
      Use-after-free in Content Policy due to microtask execution error
    * MFSA 2015-64/CVE-2015-2730 (bmo#1125025)
      ECDSA signature validation fails to handle some signatures correctly
      (this fix is shipped by NSS 3.19.1 externally)
    * MFSA 2015-65/CVE-2015-2722/CVE-2015-2733 (bmo#1166924, bmo#1169867)
      Use-after-free in workers while using XMLHttpRequest
    * MFSA 2015-66/CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737
      CVE-2015-2738/CVE-2015-2739/CVE-2015-2740
      Vulnerabilities found through code inspection
    * MFSA 2015-67/CVE-2015-2741 (bmo#1147497)
      Key pinning is ignored when overridable errors are encountered
    * MFSA 2015-69/CVE-2015-2743 (bmo#1163109)
      Privilege escalation in PDF.js
    * MFSA 2015-70/CVE-2015-4000 (bmo#1138554)
      NSS accepts export-length DHE keys with regular DHE cipher suites
      (this fix is shipped by NSS 3.19.1 externally)
    * MFSA 2015-71/CVE-2015-2721 (bmo#1086145)
      NSS incorrectly permits skipping of ServerKeyExchange
      (this fix is shipped by NSS 3.19.1 externally)
  - requires NSS 3.19.2
* Fri Jun 19 2015 wr@rosenauer.org
  - update to Thunderbird 38.0.1
    * includes Lightning as default extension
  - rebased patches
  - removed obsolete patches:
    * mozilla-ppc.patch
    * mozilla-nullptr-gcc45.patch
    * mozilla-bug1024492.patch
  - dropped openSUSE specific patches
    * thunderbird-shared-nss-db.patch
    * mozilla-shared-nss-db.patch
      the provided feature seems not to be used and its maintenance
      is not worth the ongoing efforts
  - tb-develdirs.patch is now mozilla-develdirs.patch as it is a
    platform configuration now
* Thu Jun 18 2015 schwab@suse.de
  - mozilla-arm64-libjpeg-turbo.patch: fix libjpeg-turbo configuration
* Thu May 28 2015 dmueller@suse.com
  - add mozilla-bug1024492.patch:
    * Fixes build against GCC 5.x
* Sat May 09 2015 wr@rosenauer.org
  - update to Thunderbird 31.7.0 (bnc#930622)
    * MFSA 2015-46/CVE-2015-2708
      Miscellaneous memory safety hazards
    * MFSA 2015-47/VE-2015-0797 (bmo#1080995)
      Buffer overflow parsing H.264 video with Linux Gstreamer
    * MFSA 2015-48/CVE-2015-2710 (bmo#1149542)
      Buffer overflow with SVG content and CSS
    * MFSA 2015-51/CVE-2015-2713 (bmo#1153478)
      Use-after-free during text processing with vertical text enabled
    * MFSA 2015-54/CVE-2015-2716 (bmo#1140537)
      Buffer overflow when parsing compressed XML
    * MFSA 2015-57/CVE-2011-3079 (bmo#1087565)
      Privilege escalation through IPC channel messages
* Tue Mar 31 2015 wr@rosenauer.org
  - update to Thunderbird 31.6.0 (bnc#925368)
    * MFSA 2015-30/CVE-2015-0815
      Miscellaneous memory safety hazards
    * MFSA 2015-31/CVE-2015-0813 (bmo#1106596))
      Use-after-free when using the Fluendo MP3 GStreamer plugin
    * MFSA 2015-33/CVE-2015-0816 (bmo#1144991)
      resource:// documents can load privileged pages
    * MFSA-2015-37/CVE-2015-0807 (bmo#1111834)
      CORS requests should not follow 30x redirections after preflight
    * MFSA-2015-40/CVE-2015-0801 (bmo#1146339)
      Same-origin bypass through anchor navigation
* Mon Feb 23 2015 wr@rosenauer.org
  - update to Thunderbird 31.5.0 (bnc#917597)
    * MFSA 2015-11/CVE-2015-0836
      Miscellaneous memory safety hazards
    * MFSA 2015-12/CVE-2015-0833 (bmo#945192)
      Invoking Mozilla updater will load locally stored DLL files
      (Windows only)
    * MFSA 2015-16/CVE-2015-0831 (bmo#1130514)
      Use-after-free in IndexedDB
    * MFSA 2015-19/CVE-2015-0827 (bmo#1117304)
      Out-of-bounds read and write while rendering SVG content
    * MFSA 2015-24/CVE-2015-0822 (bmo#1110557)
      Reading of local files through manipulation of form autocomplete
* Sat Jan 10 2015 wr@rosenauer.org
  - update to Thunderbird 31.4.0 (bnc#910669)
    * MFSA 2015-01/CVE-2014-8634/CVE-2014-8635
      Miscellaneous memory safety hazards
    * MFSA 2015-03/CVE-2014-8638 (bmo#1080987)
      sendBeacon requests lack an Origin header
    * MFSA 2015-04/CVE-2014-8639 (bmo#1095859)
      Cookie injection through Proxy Authenticate responses
  - added mozilla-icu-strncat.patch to fix post build checks
* Sun Nov 30 2014 wr@rosenauer.org
  - update to Thunderbird 31.3.0 (bnc#908009)
    * MFSA 2014-83/CVE-2014-1587
      Miscellaneous memory safety hazards
    * MFSA 2014-85/CVE-2014-1590 (bmo#1087633)
      XMLHttpRequest crashes with some input streams
    * MFSA 2014-87/CVE-2014-1592 (bmo#1088635)
      Use-after-free during HTML5 parsing
    * MFSA 2014-88/CVE-2014-1593 (bmo#1085175)
      Buffer overflow while parsing media content
    * MFSA 2014-89/CVE-2014-1594 (bmo#1074280)
      Bad casting from the BasicThebesLayer to BasicContainerLayer
* Sun Nov 16 2014 ledest@gmail.com
  - fix bashism in mozilla.sh script
* Tue Nov 04 2014 guillaume@opensuse.org
  - Limit RAM usage during link for ARM
* Sat Oct 25 2014 wr@rosenauer.org
  - remove add-plugins.sh and use /usr/share/myspell directly
    (bnc#900639)

Files

/usr/bin/thunderbird
/usr/lib64/thunderbird
/usr/lib64/thunderbird/Throbber-small.gif
/usr/lib64/thunderbird/application.ini
/usr/lib64/thunderbird/chrome
/usr/lib64/thunderbird/chrome/icons
/usr/lib64/thunderbird/chrome/icons/default
/usr/lib64/thunderbird/chrome/icons/default/default128.png
/usr/lib64/thunderbird/chrome/icons/default/default16.png
/usr/lib64/thunderbird/chrome/icons/default/default22.png
/usr/lib64/thunderbird/chrome/icons/default/default24.png
/usr/lib64/thunderbird/chrome/icons/default/default256.png
/usr/lib64/thunderbird/chrome/icons/default/default32.png
/usr/lib64/thunderbird/chrome/icons/default/default48.png
/usr/lib64/thunderbird/chrome/icons/default/default64.png
/usr/lib64/thunderbird/crashreporter
/usr/lib64/thunderbird/crashreporter.ini
/usr/lib64/thunderbird/defaults
/usr/lib64/thunderbird/defaults/messenger
/usr/lib64/thunderbird/defaults/messenger/mailViews.dat
/usr/lib64/thunderbird/defaults/pref
/usr/lib64/thunderbird/defaults/pref/all-l10n.js
/usr/lib64/thunderbird/defaults/pref/all-opensuse.js
/usr/lib64/thunderbird/defaults/pref/channel-prefs.js
/usr/lib64/thunderbird/dependentlibs.list
/usr/lib64/thunderbird/fonts
/usr/lib64/thunderbird/fonts/TwemojiMozilla.ttf
/usr/lib64/thunderbird/isp
/usr/lib64/thunderbird/isp/Bogofilter.sfd
/usr/lib64/thunderbird/isp/DSPAM.sfd
/usr/lib64/thunderbird/isp/POPFile.sfd
/usr/lib64/thunderbird/isp/SpamAssassin.sfd
/usr/lib64/thunderbird/isp/SpamPal.sfd
/usr/lib64/thunderbird/liblgpllibs.so
/usr/lib64/thunderbird/libmozgtk.so
/usr/lib64/thunderbird/libmozsandbox.so
/usr/lib64/thunderbird/libmozsqlite3.so
/usr/lib64/thunderbird/libmozwayland.so
/usr/lib64/thunderbird/librnp.so
/usr/lib64/thunderbird/libxul.so
/usr/lib64/thunderbird/minidump-analyzer
/usr/lib64/thunderbird/omni.ja
/usr/lib64/thunderbird/pingsender
/usr/lib64/thunderbird/platform.ini
/usr/lib64/thunderbird/plugin-container
/usr/lib64/thunderbird/rnp-cli
/usr/lib64/thunderbird/rnpkeys
/usr/lib64/thunderbird/thunderbird-bin
/usr/lib64/thunderbird/thunderbird.sh
/usr/share/appdata
/usr/share/appdata/thunderbird.appdata.xml
/usr/share/applications/thunderbird.desktop
/usr/share/icons/hicolor/128x128/apps/thunderbird.png
/usr/share/icons/hicolor/16x16/apps/thunderbird.png
/usr/share/icons/hicolor/22x22/apps/thunderbird.png
/usr/share/icons/hicolor/24x24/apps/thunderbird.png
/usr/share/icons/hicolor/32x32/apps/thunderbird.png
/usr/share/icons/hicolor/48x48/apps/thunderbird.png
/usr/share/icons/hicolor/64x64/apps/thunderbird.png
/usr/share/icons/hicolor/symbolic/apps/thunderbird-symbolic.svg


Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Jul 9 18:11:13 2024