Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

MozillaThunderbird-68.3.0-lp152.1.1 RPM for aarch64

From OpenSuSE Ports Leap 15.2 for aarch64

Name: MozillaThunderbird Distribution: openSUSE Leap 15.2
Version: 68.3.0 Vendor: openSUSE
Release: lp152.1.1 Build date: Tue Dec 24 13:56:25 2019
Group: Productivity/Networking/Email/Clients Build host: obs-arm-8
Size: 185005087 Source RPM: MozillaThunderbird-68.3.0-lp152.1.1.src.rpm
Packager: https://bugs.opensuse.org
Url: https://www.thunderbird.net/
Summary: An integrated email, news feeds, chat, and newsgroups client
Thunderbird is a free, open-source, cross-platform application for
managing email, news feeds, chat, and news groups. It is a local
(rather than browser- or web-based) email application that is powerful
yet easy to use.

Provides

Requires

License

MPL-2.0

Changelog

* Wed Dec 04 2019 Martin Sirringhaus <martin.sirringhaus@suse.com>
  - Mozilla Firefox Thunderbird 68.3
    * new: Message display toolbar action WebExtension API
      (bmo#1531597)
    * new: Navigation buttons are now available in content tabs,
      for example those opened via an add-on search (bmo#787683)
    * changed: "New email" icon in Windows systray changed from in-
      tray with arrow to envelope (bmo#1594200)
    * fixed: Icons of attachments in the attachment pane of the
      Write window not always correct (bmo#1593280)
    * fixed: Toolbar buttons of add-ons in the menubar not shown
      after startup (bmo#1584160)
    * fixed: LDAP lookup not working when SSL was enabled. LDAP
      search not working when "All Address Books" was selected.
      (bmo#1576364)
    * fixed: Scam link confirmation panel not working (bmo#1596413)
    * fixed: In Write window, the Link Properties dialog wasn't
      showing named anchors in context menu (bmo#1593629)
    * fixed: Calendar: Start-up failed if the application menu is
      not on the calendar toolbars (bmo#1588516)
    * fixed: Chat: Account reordering via drag-and-drop not working
      on Instant messaging status dialog (Show Accounts)
      (bmo#1591505)
    MFSA 2019-37 (bsc#1158328)
    * CVE-2019-17008 (bmo#1546331)
      Use-after-free in worker destruction
    * CVE-2019-13722 (bmo#1580156)
      Stack corruption due to incorrect number of arguments in
      WebRTC code
    * CVE-2019-11745 (bmo#1586176)
      Out of bounds write in NSS when encrypting with a block
      cipher
    * CVE-2019-17009 (bmo#1510494)
      Updater temporary files accessible to unprivileged processes
    * CVE-2019-17010 (bmo#1581084)
      Use-after-free when performing device orientation checks
    * CVE-2019-17005 (bmo#1584170)
      Buffer overflow in plain text serializer
    * CVE-2019-17011 (bmo#1591334)
      Use-after-free when retrieving a document in antitracking
    * CVE-2019-17012 (bmo#1449736, bmo#1533957, bmo#1560667,
      bmo#1567209, bmo#1580288, bmo#1585760, bmo#1592502)
      Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3
* Tue Nov 26 2019 Martin Sirringhaus <martin.sirringhaus@suse.com>
  - Remove patch thunderbird-broken-locales-build.patch due to
    switch to a different method for building locales
  - Added patch mozilla-bmo849632.patch to fix some webgl-problems
    on big endian machines (sync from FF)
* Mon Nov 04 2019 Martin Sirringhaus <martin.sirringhaus@suse.com>
  - Mozilla Thunderbird 68.2.1
    * new: A language for the user interface can now be chosen in
      the advanced settings (multilingual UI) (bmo#1590206)
    * fixed: Problem with Google authentication (OAuth2)
      (bmo#1592407)
    * fixed: Selected or unread messages not shown in the correct
      color in the thread pane (message list) under some
      circumstances (bmo#1585765)
    * fixed: When using a language pack, names of standard folders
      weren't localized (bmo#1575512, boo#1149126)
    * fixed: Address book default startup directory in preferences
      panel not persisted (bmo#1591364)
    * fixed: Various visual glitches: Conditions in filter editor
      not high enough, folder location widget not showing folder
      name, problem with menubar customization, add-on home page
      links accumulating, theme issues on Windows 7 (bmo#1590666)
    * fixed: Issues when upgrading from a 32bit version of
      Thunderbird to a 64bit version. Note: If your profile is
      still not recognised, selected it by visiting about:profiles
      in the Troubleshooting Information. (bmo#1587067)
    * fixed: Chat: Extended context menu on Instant messaging
      status dialog (Show Accounts) (bmo#1591506)
  - added mozilla-bmo1504834-part4.patch to fix some visual issues
    on big endian platforms
* Wed Oct 23 2019 Martin Sirringhaus <martin.sirringhaus@suse.com>
  - Mozilla Thunderbird 68.2
    * new: Message Display WebExtension API
    * new: Message Search WebExtension API
    * Bugfixes
      Better visual feedback for unread messages when using the
      dark theme
      Various issues when editing mailing lists
      Integration with macOS addressbook and notifications not working
      after introduction of notarization
      Application windows not maintaining their size after restart
      Issues when upgrading from a 32bit version of Thunderbird to a
      64bit version.
    * various security fixes
    MFSA 2019-33/2019-35 (bsc#1154738)
    * CVE-2019-15903 (bmo#1584907)
      Heap overflow in expat library in XML_GetCurrentLineNumber
    * CVE-2019-11757 (bmo#1577107)
      Use-after-free when creating index updates in IndexedDB
    * CVE-2019-11758 (bmo#1536227)
      Potentially exploitable crash due to 360 Total Security
    * CVE-2019-11759 (bmo#1577953)
      Stack buffer overflow in HKDF output
    * CVE-2019-11760 (bmo#1577719)
      Stack buffer overflow in WebRTC networking
    * CVE-2019-11761 (bmo#1561502)
      Unintended access to a privileged JSONView object
    * CVE-2019-11762 (bmo#1582857)
      document.domain-based origin isolation has same-origin-
      property violation
    * CVE-2019-11763 (bmo#1584216)
      Incorrect HTML parsing results in XSS bypass technique
    * CVE-2019-11764 (bmo#1548044, bmo#1558522, bmo#1571223,
      bmo#1573048, bmo#1575217, bmo#1577061, bmo#1578933,
      bmo#1581950, bmo#1583463, bmo#1583684, bmo#1586599,
      bmo#1586845)
      Memory safety bugs fixed in Thunderbird 68.2
  - removed upstream patches:
    * mozilla-bmo1512162.patch
    * mozilla-bmo1573381.patch
    * mozilla-bmo1585099.patch
* Mon Oct 14 2019 Martin Sirringhaus <martin.sirringhaus@suse.com>
  - Mozilla Thunderbird 68.1.2 (bsc#1153879)
    Bugfixes
    * Some attachments couldn't be opened in messages originating from
      MS Outlook 2016
    * Address book import from CSV
    * Performance problem in message body search
    * Ctrl+Enter to send a message would open an attachment if the
      attachment pane had focus
    * Calendar: Issues with "Today Pane" start-up
    * Calendar: Glitches with custom repeat and reminder number input
    * Calendar: Problems with WCAP provider
  - add mozilla-bmo1585099.patch to fix build with rust >= 1.38
  - add mozilla-fix-top-level-asm.patch to fix LTO build (w/o PGO)
  - updated translations-other locale list
  - remove kde.js since disabling instantApply breaks extensions and
    is obsolete with the move to HTML views for preferences (boo#1151186)
  - Update create-tar.sh (bsc#1152778)
  - Update mozilla-bmo1512162.patch to the patch now commited upstream
    * No more -O1 builds for ppc64le necessary
  - Deactivate currently useless crashreporter for the last remaining
    arch
* Fri Sep 27 2019 Martin Sirringhaus <martin.sirringhaus@suse.com>
  - Mozilla Thunderbird 68.1.1
    Bugfixes
    * Issues with attachments in IMAP messages
    * Gmail accounts ignored a non-standard trash folder selection
    * Entering/pasting lists of recipients into the addressing widget or
      mailing list not working reliably, especially when lists contained
      multiple commas or semicolons
    * Edit mailing list not working
    * Various theme fixes, especially dark theme improvements for Calendar
    * Contrast between tag label and background not optimal
    * Account Central pane always loaded at start-up
    * "Config Editor" button not removed if blocked by policy
    * Calendar: Free/busy information in attendees dialog not scrolled
      correctly. Note: Scroll arrows still not behaving correctly
    MFSA 2019-32
    * CVE-2019-11755 (bmo#1240290)
      Spoofing a message author via a crafted S/MIME message
* Thu Sep 12 2019 Martin Sirringhaus <martin.sirringhaus@suse.com>
  - Mozilla Thunderbird 68.1.0
    * Offer to configure Exchange accounts for Office365. A third-
      party add-on is required for this account type.
      IMAP still exists as alternative.
    * Edit tag not working
    * Write window: "Insert > Characters and Symbols" not working
    * Moving/dragging messages from "Search Messages" result
      dialog not working
    * Command line -compose "attachment=" not working
    * Custom views not working
    * Issues with list of content types/actions for incoming attachments
    * "Learn More" links in Error Console not working
    * Visual glitches: Quick Filter Bar tag buttons too tall, missing
      scroll bar on Connection Setting subdialog, LDAP server
      selection after "New", "Edit" and "Delete"
    * Calendar: Parts of CalDAV dialog not working
    MFSA 2019-30
    * CVE-2019-11739 (bmo#1571481, bsc#1150939)
      Covert Content Attack on S/MIME encryption using a crafted
      multipart/alternative message
    * CVE-2019-11746 (bmo#1564449, bsc#1149297)
      Use-after-free while manipulating video
    * CVE-2019-11744 (bmo#1562033, bsc#1149304)
      XSS by breaking out of title and textarea elements using
      innerHTML
    * CVE-2019-11742 (bmo#1559715, bsc#1149303)
      Same-origin policy violation with SVG filters and canvas to
      steal cross-origin images
    * CVE-2019-11752 (bmo#1501152, bsc#1149296)
      Use-after-free while extracting a key value in IndexedDB
    * CVE-2019-11743 (bmo#1560495, bsc#1149298,
      https://w3c.github.io/navigation-timing)
      Cross-origin access to unload event attributes
    * CVE-2019-11740 (bmo#1563133, bmo#1573160, bsc#1149299)
      Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1,
      Firefox ESR 60.9, Thunderbird 68.1, and Thunderbird 60.9
  - Mozilla Thunderbird 68.0
    * based on Firefox ESR 68
    * File link attachments can now be linked to again instead of
      uploading them again
    * Mark all folders of an account as read
    * Run filters periodically. Improved filter logging
    * OAuth2 authentication for Yandex
    * Language packs can now be selected in the Advanced Options.
      Preference intl.multilingual.enabled needs to be set (and possily
      also extensions.langpacks.signatures.required needs to be set to false)
    * Added a policy engine that allows customized Thunderbird deployments
      in enterprise environments, using Windows Group Policy or a
      cross-platform JSON file
    * TCP keepalive for IMAP protocol
    * Full Unicode support for MAPI interfaces: New support for MAPISendMailW
    * Calendar: Time zone data can now include past and future changes.
      All known time zone changes from 2018 to 2022 are included.
    * Chat: In each conversation an individual spellcheck language can
      be selected now
    MFSA 2019-28
    * CVE-2019-11711 (bmo#1552541)
      Script injection within domain through inner window reuse
    * CVE-2019-11712 (bmo#1543804)
      Cross-origin POST requests can be made with NPAPI plugins by
      following 308 redirects
    * CVE-2019-11713 (bmo#1528481)
      Use-after-free with HTTP/2 cached stream
    * CVE-2019-11714 (bmo#1542593)
      NeckoChild can trigger crash when accessed off of main thread
    * CVE-2019-11729 (bmo#1515342)
      Empty or malformed p256-ECDH public keys may trigger a
      segmentation fault
    * CVE-2019-11715 (bmo#1555523)
      HTML parsing error can contribute to content XSS
    * CVE-2019-11716 (bmo#1552632)
      globalThis not enumerable until accessed
    * CVE-2019-11717 (bmo#1548306)
      Caret character improperly escaped in origins
    * CVE-2019-11719 (bmo#1540541)
      Out-of-bounds read when importing curve25519 private key
    * CVE-2019-11720 (bmo#1556230)
      Character encoding XSS vulnerability
    * CVE-2019-11721 (bmo#1256009)
      Domain spoofing through unicode latin 'kra' character
    * CVE-2019-11730 (bmo#1558299)
      Same-origin policy treats all files in a directory as having
      the same-origin
    * CVE-2019-11723 (bmo#1528335)
      Cookie leakage during add-on fetching across private browsing
      boundaries
    * CVE-2019-11724 (bmo#1512511)
      Retired site input.mozilla.org has remote troubleshooting
      permissions
    * CVE-2019-11725 (bmo#1483510)
      Websocket resources bypass safebrowsing protections
    * CVE-2019-11727 (bmo#1552208)
      PKCS#1 v1.5 signatures can be used for TLS 1.3
    * CVE-2019-11728 (bmo#1552993)
      Port scanning through Alt-Svc header
    * CVE-2019-11710 (bmo#1400563, bmo#1507696, bmo#1510345,
      bmo#1533842, bmo#1535482, bmo#1535848, bmo#1537692,
      bmo#1540590, bmo#1544180, bmo#1547472, bmo#1547760,
      bmo#1548611, bmo#1549768, bmo#1551907)
      Memory safety bugs fixed in Firefox 68 and Thunderbird 68
    * CVE-2019-11709 (bmo#1515052, bmo#1533522, bmo#1539219,
      bmo#1540759, bmo#1547266, bmo#1547757, bmo#1548822,
      bmo#1550498, bmo#1550498)
      Memory safety bugs fixed in Firefox 68, Firefox ESR 60.8, and
      Thunderbird 68
  - removed patches that are now upstream
    * mozilla-bmo1375074.patch
    * mozilla-i586-DecoderDoctorLogger.patch
    * mozilla-i586-domPrefs.patch
    * mozilla-bmo1464766.patch
    * mozilla-bigendian_bit_flags_alias.patch
  - added patch to make builds reproducible
    * mozilla-bmo1568145.patch
  - added a bunch of patches mainly for big endian platforms
    * mozilla-bmo1504834-part1.patch
    * mozilla-bmo1504834-part2.patch
    * mozilla-bmo1504834-part3.patch
    * mozilla-bmo1511604.patch
    * mozilla-bmo1512162.patch
    * mozilla-bmo1554971.patch
    * mozilla-bmo1573381.patch
    * mozilla-nestegg-big-endian.patch
    * mozilla-ppc-altivec_static_inline.patch
  - added patches to fix build on armv7:
    * mozilla-bmo1463035.patch
    * mozilla-disable-wasm-emulate-arm-unaligned-fp-access.patch
  - added patch to fix non-return function
    * mozilla-cubeb-noreturn.patch
  - added patch to fix aarch64 build:
    * mozilla-fix-aarch64-libopus.patch (bmo#1539737)
  - added patch to reduce build-load
    * mozilla-reduce-rust-debuginfo.patch
  - added patch to fix locales-build
    * thunderbird-broken-locales-build.patch
  - added patch to fix implicit declarations
    * mozilla-openaes-decl.patch
  - added samba-patch from Firefox
    * mozilla-ntlm-full-path.patch
* Fri Jul 12 2019 Martin Sirringhaus <martin.sirringhaus@suse.com>
  - Mozilla Firefox Thunderbird 60.8
    MFSA 2019-23 (bsc#1140868)
    * CVE-2019-9811 (bmo#1538007, bmo#1539598, bmo#1563327)
      Sandbox escape via installation of malicious language pack
    * CVE-2019-11711 (bmo#1552541)
      Script injection within domain through inner window reuse
    * CVE-2019-11712 (bmo#1543804)
      Cross-origin POST requests can be made with NPAPI plugins by
      following 308 redirects
    * CVE-2019-11713 (bmo#1528481)
      Use-after-free with HTTP/2 cached stream
    * CVE-2019-11729 (bmo#1515342)
      Empty or malformed p256-ECDH public keys may trigger a
      segmentation fault
    * CVE-2019-11715 (bmo#1555523)
      HTML parsing error can contribute to content XSS
    * CVE-2019-11717 (bmo#1548306)
      Caret character improperly escaped in origins
    * CVE-2019-11719 (bmo#1540541)
      Out-of-bounds read when importing curve25519 private key
    * CVE-2019-11730 (bmo#1558299)
      Same-origin policy treats all files in a directory as having
      the same-origin
    * CVE-2019-11709 (bmo#1515052, bmo#1533522, bmo#1539219,
      bmo#1540759, bmo#1547266, bmo#1547757, bmo#1548822,
      bmo#1550498, bmo#1550498)
      Memory safety bugs fixed in Firefox 68, Firefox ESR 60.8, and
      Thunderbird 60.8
  - Calendar: Problems when editing event times, some related to
    AM/PM setting in non-English locales
* Fri Jun 21 2019 Martin Sirringhaus <martin.sirringhaus@suse.com>
  - Mozilla Firefox Thunderbird 60.7.2
    MFSA 2019-20 (bsc#1138872)
    * CVE-2019-11707 (bmo#1544386)
      Type confusion in Array.pop
    * CVE-2019-11708 (bmo#1559858)
      sandbox escape using Prompt:Open
* Fri Jun 14 2019 Martin Sirringhaus <martin.sirringhaus@suse.com>
  - Mozilla Firefox Thunderbird 60.7.1
    MFSA 2019-17 (bsc#1137595)
    * CVE-2019-11703 (bmo#1553820)
      Heap buffer overflow in icalparser.c
    * CVE-2019-11704 (bmo#1553814)
      Heap buffer overflow in icalvalue.c
    * CVE-2019-11705 (bmo#1553808)
      Stack buffer overflow in icalrecur.c
    * CVE-2019-11706 (bmo#1555646)
      Type confusion in icalproperty.c
  - No prompt for smartcard PIN when S/MIME signing is used
  - Removed obsolete patches:
      [thunderbird-bsc1137595.patch]
* Thu Jun 13 2019 Martin Sirringhaus <martin.sirringhaus@suse.com>
  - Fix security vulnerabilities in Thunderbird 60.7 (bsc#1137595)
    * CVE-2019-11706 (bmo#1555646)
    * CVE-2019-11705 (bmo#1553808)
    * CVE-2019-11704 (bmo#1553814)
    * CVE-2019-11703 (bmo#1553820)
  - Added patches:
      [thunderbird-bsc1137595.patch]
* Fri May 24 2019 Martin Sirringhaus <martin.sirringhaus@suse.com>
  - Mozilla Firefox Thunderbird 60.7
    MFSA 2019-15
    * CVE-2019-9815 (bmo#1546544, https://mdsattacks.com/)
      Disable hyperthreading on content JavaScript threads on macOS
    * CVE-2019-9816 (bmo#1536768)
      Type confusion with object groups and UnboxedObjects
    * CVE-2019-9817 (bmo#1540221)
      Stealing of cross-domain images using canvas
    * CVE-2019-9818 (bmo#1542581)
      Use-after-free in crash generation server
    * CVE-2019-9819 (bmo#1532553)
      Compartment mismatch with fetch API
    * CVE-2019-9820 (bmo#1536405)
      Use-after-free of ChromeEventHandler by DocShell
    * CVE-2019-11691 (bmo#1542465)
      Use-after-free in XMLHttpRequest
    * CVE-2019-11692 (bmo#1544670)
      Use-after-free removing listeners in the event listener
      manager
    * CVE-2019-11693 (bmo#1532525)
      Buffer overflow in WebGL bufferdata on Linux
    * CVE-2019-7317 (bmo#1542829)
      Use-after-free in png_image_free of libpng library
    * CVE-2019-9797 (bmo#1528909)
      Cross-origin theft of images with createImageBitmap
    * CVE-2018-18511 (bmo#1526218)
      Cross-origin theft of images with ImageBitmapRenderingContext
    * CVE-2019-11694 (bmo#1534196)
      Uninitialized memory memory leakage in Windows sandbox
    * CVE-2019-11698 (bmo#1543191)
      Theft of user history data through drag and drop of
      hyperlinks to and from bookmarks
    * CVE-2019-5798 (bmo#1535518)
      Out-of-bounds read in Skia
    * CVE-2019-9800 (bmo#1499108, bmo#1499719, bmo#1516325,
      bmo#1532465, bmo#1533554, bmo#1534593, bmo#1535194,
      bmo#1535612, bmo#1538042, bmo#1538619, bmo#1538736,
      bmo#1540136, bmo#1540166, bmo#1541580, bmo#1542097,
      bmo#1542324, bmo#1546327)
      Memory safety bugs fixed in Firefox 67, Firefox ESR 60.7, and
      Thunderbird 60.7
  - Attachment pane of Write window no longer focussed when attaching files using a keyboard shortcut
* Mon May 20 2019 Martin Sirringhaus <martin.sirringhaus@suse.com>
  - Reactivate s390x
    * Merged big endian patches from MozillaFirefox to make
      Thunderbird compile under s390x again (see below)
    * Added ac_option --with-system-icu (same as Firefox, but in
      this case only for big endian machines as not to break
      existing archs)
  - Added patches:
      [mozilla-bmo1005535.patch]
      [mozilla-bigendian_bit_flags_alias.patch]
      [mozilla-s390-bigendian.patch]
      [mozilla-s390-context.patch]
* Fri May 17 2019 Martin Sirringhaus <martin.sirringhaus@suse.com>
  - Sync with Devel:Mozilla:*:next
* Thu May 16 2019 Martin Sirringhaus <martin.sirringhaus@suse.com>
  - Merge changes from MozillaFirefox
    * Merge spec-file update "Enable Firefox to build with
      Rust >= 1.30 with fix" (revision 28)
    * Merge create-tar.sh to now download tar-balls for thunderbird
      directly as is done with Firefox
* Mon Mar 25 2019 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 60.6.1
    MFSA 2019-12 (bsc#1130262)
    * CVE-2019-9810 (bmo#1537924)
      IonMonkey MArraySlice has incorrect alias information
    * CVE-2019-9813 (bmo#1538006)
      Ionmonkey type confusion with __proto__ mutations
* Wed Mar 20 2019 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 60.6.0
    * Calendar: Can't create repeating event with end date when using
      certain time zones, for example Europe/Minsk
    * some minor bugfixes
    * using 60.6.0esr Mozilla platform (bsc#1129821)
* Thu Mar 07 2019 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 60.5.3
    * fixed a regression on the Windows platform:
      Problem when using "Send to > Mail recipient" on Windows
* Sun Feb 24 2019 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 60.5.2
    * UTF-8 support for MAPISendMail
    * Problem with S/MIME certificate verification when receiving email
      from Outlook (issue introduced in version 60.5.1)
* Thu Feb 14 2019 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 60.5.1
    * CalDav access to some servers not working
    MFSA 2019-06 (bsc#1125330)
    * CVE-2018-18356 bmo#1525817
      Use-after-free in Skia
    * CVE-2019-5785 bmo#1525433
      Integer overflow in Skia
    * CVE-2018-18335 bmo#1525815
      Buffer overflow in Skia with accelerated Canvas 2D
    * CVE-2018-18509 bmo#1507218
      S/MIME signature spoofing
* Fri Jan 25 2019 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 60.5.0:
    * FileLink provider WeTransfer to upload large attachments
    * Thunderbird now allows the addition of OpenSearch search engines
      from a local XML file using a minimal user inferface: [+] button
      to select a file an add, [-] to remove.
    * More search engines: Google and DuckDuckGo available by default
      in some locales
    * During account creation, Thunderbird will now detect servers
      using the Microsoft Exchange protocol. It will offer the
      installation of a 3rd party add-on (Owl) which supports that
      protocol.
    * Thunderbird now compatible with other WebExtension-based
      FileLink add-ons like the Dropbox add-on
    MFSA 2019-03 (bsc#1122983)
    * CVE-2018-18500 bmo#1510114
      Use-after-free parsing HTML5 stream
    * CVE-2018-18505 bmo#1497749
      Privilege escalation through IPC channel messages
    * CVE-2016-5824 bmo#1275400
      DoS (use-after-free) via a crafted ics file
    * CVE-2018-18501 bmo#1512450 bmo#1517542 bmo#1513201 bmo#1460619
      bmo#1502871 bmo#1516738 bmo#1516514
      Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5
  - requires NSS 3.36.7
  - removed obsolete patch
    mozilla-no-stdcxx-check.patch
  - rebased patches
* Fri Dec 21 2018 astieger@suse.com
  - Mozilla Thunderbird 60.4.0:
    * New WebExtensions FileLink API to facilitate add-ons
    * Fix decoding problems for messages with less common charsets
      (cp932, cp936)
    * New messages in the drafts folder (and other special or virtual
      folders) will no longer be included in the new messages
      notification
    MFSA 2018-31
    * CVE-2018-17466 bmo#1488295
      Buffer overflow and out-of-bounds read in ANGLE library with
      TextureStorage11
    * CVE-2018-18492 bmo#1499861
      Use-after-free with select element
    * CVE-2018-18493 bmo#1504452
      Buffer overflow in accelerated 2D canvas with Skia
    * CVE-2018-18494 bmo#1487964
      Same-origin policy violation using location attribute and
      performance.getEntries to steal cross-origin URLs
    * CVE-2018-18498 bmo#1500011
      Integer overflow when calculating buffer sizes for images
    * CVE-2018-12405 bmo#1494752 bmo#1503326 bmo#1505181 bmo#1500759
      bmo#1504365 bmo#1506640 bmo#1503082 bmo#1502013 bmo#1510471
      Memory safety bugs fixed in Firefox 64, 60.4, and Thunderbird 60.4
  - requires NSS 3.36.6
* Tue Dec 04 2018 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 60.3.3
    * Thunderbird 60 will migrate security databases (key3.db, cert8.db
      to key4.db, cert9.db). Thunderbird 60.3.2 and earlier contained a
      fault that potentially deleted saved passwords and private certificate
      keys for users using a master password. Version 60.3.3 will prevent
      the loss of data; affected users who have already upgraded to version
      60.3.2 or earlier can restore the deleted key3.db file from backup
      to complete the migration.
    * Address book search and auto-complete slowness introduced in
      Thunderbird 60.3.2
    * Plain text markup with * for bold, / for italics, _ for underline
      and | for code did not work when the enclosed text contained
      non-ASCII characters
    * While composing a message, a link not removed when link location
      was removed in the link properties panel
* Mon Dec 03 2018 astieger@suse.com
  - Fix build on openSUSE Leap 15.x w.r.t. rust-std requirement
* Thu Nov 29 2018 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 60.3.2
    * Encoding problems when exporting address books or messages using
      the system charset. Messages are now always exported using the
      UTF-8 encoding
    * If the "Date" header of a message was invalid, Jan 1970 or Dec 1969
      was displayed. Now using date from "Received" header instead.
    * Body search/filtering didn't reliably ignore content of tags
    * Inappropriate warning "Thunderbird prevented the site
      (addons.thunderbird.net) from asking you to install software on
      your computer" when installing add-ons
    * Incorrect display of correspondents column since own email
      address was not always detected
    * Spurious &#xA; (encoded newline) inserted into drafts and sent email
* Thu Nov 15 2018 astieger@suse.com
  - Mozilla Thunderbird 60.3.1:
    * Double-clicking on a word in the Write window sometimes
      launched the Advanced Property Editor or Link Properties dialog
    * Fixe Cookie removal
    * "Download rest of message" was not working if global inbox was
      used
    * Fix Encoding problems for users (especially in Poland) when a
      file was sent via a folder using "Sent to > Mail recipient"
      due to a problem in the Thunderbird MAPI interface
    * According to RFC 4616 and RFC 5721, passwords containing
      non-ASCII characters are encoded using UTF-8 which can lead to
      problems with non-compliant providers, for example
      office365.com. The SMTP LOGIN and POP3 USER/PASS
      authentication methods are now using a Latin-1 encoding again
      to work around this issue
    * Fix shutdown crash/hang after entering an empty IMAP password
* Tue Oct 30 2018 wr@rosenauer.org
  - update to Thunderbird 60.3.0
    * various theme fixes
    * Shift+PageUp/PageDown in Write window
    * Gloda attachment filtering
    * Mailing list address auto-complete enter/return handling
    * Thunderbird hung if HTML signature references non-existent image
    * Filters not working for headers that appear more than once
  - Security fixes for the Mozilla platform picked up from 60.3
    (Firefox ESR release). In general, these flaws cannot be exploited
    through email in Thunderbird because scripting is disabled when
    reading mail, but are potentially risks in browser or browser-like
    contexts (MFSA 2018-28) (bsc#1112852)
    * CVE-2018-12391 (bmo#1478843) (Android only)
      HTTP Live Stream audio data is accessible cross-origin
    * CVE-2018-12392 (bmo#1492823)
      Crash with nested event loops
    * CVE-2018-12393 (bmo#1495011)
      Integer overflow during Unicode conversion while loading JavaScript
    * CVE-2018-12389 (bmo#1498460, bmo#1499198)
      Memory safety bugs fixed in Firefox ESR 60.3
    * CVE-2018-12390 (bmo#1487098, bmo#1487660, bmo#1490234, bmo#1496159,
      bmo#1443748, bmo#1496340, bmo#1483905, bmo#1493347, bmo#1488803,
      bmo#1498701, bmo#1498482, bmo#1442010, bmo#1495245, bmo#1483699,
      bmo#1469486, bmo#1484905, bmo#1490561, bmo#1492524, bmo#1481844)
      Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3
* Thu Oct 25 2018 guillaume.gardet@opensuse.org
  - Update _constraints for armv6/7
* Thu Oct 25 2018 guillaume.gardet@opensuse.org
  - Add patch to fix build on armv7:
    * mozilla-bmo1463035.patch
* Thu Oct 25 2018 guillaume.gardet@opensuse.org
  - Add memory-constraints to avoid OOM errors
* Fri Oct 12 2018 meissner@suse.com
  - provide / obsolete MozillaThunderbird-devel as this is no longer
    shipped to allow migration scenarios
* Tue Oct 02 2018 wr@rosenauer.org
  - update to Thunderbird 60.2.1:
    * Calendar: Default values for the first day of the week and
      working days are now derived from the selected datetime
      formatting locale
    * Calendar: Switch to a Photon-style icon set for all platforms
    * Fix multiple requests for master password when Google Mail or
      Calendar OAuth2 is enabled
    * Fix scrollbar of the address entry auto-complete popup
    * Fix security info dialog in compose window not showing
      certificate status
    * Fix links in the Add-on Manager's search results and theme
      browsing tabs that opened in external browser
    * Fix localization not showing the localized name for the
      "Drafts" and "Sent" folders for certain IMAP providers
    * Fix replying to a message with an empty subject which
      inserted Re: twice
    * Fix spellcheck marks disappeaing erroneously for words with
      an apostrophe
    * Calendar: First day of the week can now be set
    * Calendar: Several fixes related to cutting/deleting of events
      and email schedulin
    * Fix date display issues (bsc#1109379)
    * Fix start-up crash due to folder name with special characters
      (bsc#1107772)
  - Security fixes for the Mozilla platform picked up from 60.1 and
    60.2 (Firefox ESR releases). In general, these flaws
    cannot be exploited through email in Thunderbird because
    scripting is disabled when reading mail, but are potentially
    risks in browser or browser-like contexts (MFSA 2018-25):
    * CVE-2018-12377 (bsc#1107343, bmo#1470260)
      Use-after-free in refresh driver timers
    * CVE-2018-12378 (bsc#1107343, bmo#1459383)
      Use-after-free in IndexedDB
    * CVE-2017-16541 (bsc#1066489, bmo#1412081)
      Proxy bypass using automount and autofs
    * CVE-2018-12376 (bmo#69309,bmo#69914,bmo#50989,bmo#80092,
      bmo#80517,bmo#81093,bmo#78575,bmo#71953,bmo#73161,bmo#66991,
      bmo#68738,bmo#83120,bmo#67363,bmo#72925,bmo#66577,bmo#67889,
      bmo#80521,bsc#1107343)
      Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2
    * CVE-2018-12385 (bsc#1109363, bmo#1490585)
      Crash in TransportSecurityInfo due to cached data
    * CVE-2018-12383 (bsc#1107343, bmo#1475775)
      Setting a master password did not delete unencrypted
      previously stored passwords
* Tue Sep 11 2018 Guillaume GARDET <guillaume.gardet@opensuse.org>
  - Update file list since minidump-analyzer is only available when
    crashreporter is enabled
* Sat Aug 25 2018 astieger@suse.com
  - remove non-free untar licenced code from distributed tarball
* Wed Aug 15 2018 bjorn.lie@gmail.com
  - Add conditional for pkgconfig(gconf-2.0) BuildRequires, and pass
    conditional --disable-gconf to configure: no longer pull in
    obsolete gconf2 for Tumbleweed.
* Fri Aug 03 2018 wr@rosenauer.org
  - update to Thunderbird 60.0:
    https://www.thunderbird.net/en-US/thunderbird/60.0/releasenotes/
    * Improved message handling and composing
    * Improved handling of message templates
    * Support for OAuth2 and FIDO U2F
    * Various Calendar improvements
    * Various fixes and changes to e-mail workflow
    * Various IMAP fixes
    * Native desktop notifications
  - Security fixes which can not, in general, be exploited through
    email, but are potential risks in browser or browser-like contexts:
    MFSA 2018-19 (bsc#1098998)
    * CVE-2018-12359 (bmo#1459162)
      Buffer overflow using computed size of canvas element
    * CVE-2018-12360 (bmo#1459693)
      Use-after-free when using focus()
    * CVE-2018-12361 (bmo#1463244)
      Integer overflow in SwizzleData
    * CVE-2018-12362 (bmo#1452375)
      Integer overflow in SSSE3 scaler
    * CVE-2018-5156 (bmo#1453127)
      Media recorder segmentation fault when track type is changed
      during capture
    * CVE-2018-12363 (bmo#1464784)
      Use-after-free when appending DOM nodes
    * CVE-2018-12364 (bmo#1436241)
      CSRF attacks through 307 redirects and NPAPI plugins
    * CVE-2018-12365 (bmo#1459206)
      Compromised IPC child process can list local filenames
    * CVE-2018-12371 (bmo#1465686)
      Integer overflow in Skia library during edge builder allocation
    * CVE-2018-12366 (bmo#1464039)
      Invalid data handling during QCMS transformations
    * CVE-2018-12367 (bmo#1462891)
      Timing attack mitigation of PerformanceNavigationTiming
    * CVE-2018-5187 (bmo#1461324,bmo#1414829,bmo#1395246,bmo#1467938,
      bmo#1461619,bmo#1425930,bmo#1438556,bmo#1454285,bmo#1459568,
      bmo#1463884)
      Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and
      Thunderbird 60
    * CVE-2018-5188 (bmo#1456189,bmo#1456975,bmo#1465898,bmo#1392739,
      bmo#1451297,bmo#1464063,bmo#1437842,bmo#1442722,bmo#1452576,
      bmo#1450688,bmo#1458264,bmo#1458270,bmo#1465108,bmo#1464829,
      bmo#1464079,bmo#1463494,bmo#1458048)
      Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, Firefox
      ESR 52.9, and Thunderbird 60
  - requires NSPR 4.19 and NSS 3.36.4
  - source archives are now signed directly
    (removed checksum signature check)
  - imported patches from Firefox 60
    * mozilla-bmo1375074.patch
    * mozilla-bmo1464766.patch
    * mozilla-i586-DecoderDoctorLogger.patch
    * mozilla-i586-domPrefs.patch
  - removed obsolete patches
    * mozilla-language.patch
    * tb-ssldap.patch
    * mozilla-develdirs.patch
  - removed -devel subpackage as old-style extensions are mainly gone
  - storing of remote content settings fixed (boo#1084603)
* Tue Jul 10 2018 wr@rosenauer.org
  - update to Thunderbird 52.9.1
    * Deleting or detaching attachments corrupted messages under certain
      circumstances (bmo#1473893, bsc#1100780)
* Mon Jul 02 2018 wr@rosenauer.org
  - update to Thunderbird 52.9.0:
    MFSA 2018-16 (bsc#1098998)
    * CVE-2018-12359 (bmo#1459162)
      Buffer overflow using computed size of canvas element
    * CVE-2018-12360 (bmo#1459693)
      Use-after-free when using focus()
    * CVE-2018-12372 (bmo#1419417, bsc#1100082)
      S/MIME and PGP decryption oracles can be built with HTML emails
    * CVE-2018-12373 (bmo#1464667, bmo#1464056, bsc#1100079)
      S/MIME plaintext can be leaked through HTML reply/forward
    * CVE-2018-12362 (bmo#1452375)
      Integer overflow in SSSE3 scaler
    * CVE-2018-12363 (bmo#1464784)
      Use-after-free when appending DOM nodes
    * CVE-2018-12364 (bmo#1436241)
      CSRF attacks through 307 redirects and NPAPI plugins
    * CVE-2018-12365 (bmo#1459206)
      Compromised IPC child process can list local filenames
    * CVE-2018-12366 (bmo#1464039)
      Invalid data handling during QCMS transformations
    * CVE-2018-12374 (bmo#1462910, bsc#1100081)
      Using form to exfiltrate encrypted mail part by pressing enter in form field
    * CVE-2018-5188 (bmo#1456189,bmo#1456975,bmo#1465898,bmo#1392739,
      bmo#1451297,bmo#1464063,bmo#1437842,bmo#1442722,bmo#1452576,
      bmo#1450688,bmo#1458264,bmo#1458270,bmo#1465108,bmo#1464829,
      bmo#1464079,bmo#1463494,bmo#1458048)
      Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR 52.9
    * Thunderbird will now prompt to compact IMAP folders even if the
      account is online
    * Option for not decrypting subordinate message parts that
      otherwise might reveal decryted content to the attacker.
      Preference mailnews.p7m_subparts_external needs to be set to
      true for added security.
    * Fix various problems when forwarding messages inline when using
      "simple" HTML view
  - correct requires and provides handling (boo#1076907)
  - reduce memory footprint with %ix86 at linking time via additional
    compiler flags (boo#1091376)
* Sun Jul 01 2018 astieger@suse.com
  - Build from upstream source archive and verify source signature
    (boo#1085780)
* Sat May 19 2018 wr@rosenauer.org
  - update to Thunderbird 52.8 (bsc#1092548)
    MFSA 2018-13
    * CVE-2018-5183 (bmo#1454692)
      Backport critical security fixes in Skia
    * CVE-2018-5184 (bmo#1411592, bsc#1093152)
      Full plaintext recovery in S/MIME via chosen-ciphertext attack
    * CVE-2018-5154 (bmo#1443092)
      Use-after-free with SVG animations and clip paths
    * CVE-2018-5155 (bmo#1448774)
      Use-after-free with SVG animations and text paths
    * CVE-2018-5159 (bmo#1441941)
      Integer overflow and out-of-bounds write in Skia
    * CVE-2018-5161 (bmo#1411720)
      Hang via malformed headers
    * CVE-2018-5162 (bmo#1457721, bsc#1093152)
      Encrypted mail leaks plaintext through src attribute
    * CVE-2018-5170 (bmo#1411732)
      Filename spoofing for external attachments
    * CVE-2018-5168 (bmo#1449548)
      Lightweight themes can be installed without user interaction
    * CVE-2018-5174 (bmo#1447080) (Windows only)
      Windows Defender SmartScreen UI runs with less secure behavior
      for downloaded files in Windows 10 April 2018 Update
    * CVE-2018-5178 (bmo#1443891)
      Buffer overflow during UTF-8 to Unicode string conversion
      through legacy extension
    * CVE-2018-5185 (bmo#1450345)
      Leaking plaintext through HTML forms
    * CVE-2018-5150 (bmo#1388020,bmo#1433609,bmo#1409440,bmo#1448705,
      bmo#1451376,bmo#1452202,bmo#1444668,bmo#1393367,bmo#1411415,
      bmo#1426129)
      Memory safety bugs fixed in Firefox 60, Firefox ESR 52.8 and
      Thunderbird 52.8
* Tue Mar 27 2018 ro@suse.de
  - Exclude bigendian archs for now, have not built
    since version 45.8.0
    ExcludeArch: ppc ppc64 s390 s390x
* Fri Mar 23 2018 wr@rosenauer.org
  - update to Thunderbird 52.7
    * Searching message bodies of messages in local folders, including
      filter and quick filter operations, did not find content in
      message attachments
    * Better error handling for Yahoo accounts
  - The following security fixes are included as part of the mozilla
    platform. In general, these flaws cannot be exploited through
    email in the Thunderbird product because scripting is disabled
    when reading mail, but are potentially risks in browser or
    browser-like contexts (MFSA 2018-09, bsc#1085130, bsc#1085671):
    * CVE-2018-5127 (bmo#1430557)
      Buffer overflow manipulating SVG animatedPathSegList
    * CVE-2018-5129 (bmo#1428947)
      Out-of-bounds write with malformed IPC messages
    * CVE-2018-5144 (bmo#1440926)
      Integer overflow during Unicode conversion
    * CVE-2018-5146 (bmo#1446062)
      Out of bounds memory write in libvorbis
    * CVE-2018-5125 (bmo1416529,bmo#1434580,bmo#1434384,bmo#1437450,
      bmo#1437507,bmo#1426988,bmo#1438425,bmo#1324042,bmo#1437087,
      bmo#1443865,bmo#1425520)
      Memory safety bugs fixed in Firefox 59, Firefox ESR 52.7, and
      Thunderbird 52.7
    * CVE-2018-5145 (bmo#1261175,bmo#1348955)
      Memory safety bugs fixed in Firefox ESR 52.7 and Thunderbird
      52.7
* Wed Jan 24 2018 wr@rosenauer.org
  - update to Thunderbird 52.6 (bsc#1077291)
    * Searching message bodies of messages in local folders, including
      filter and quick filter operations, not working reliably: Content
      not found in base64-encode message parts, non-ASCII text not found
      and false positives found.
    * Defective messages (without at least one expected header) not shown
      in IMAP folders but shown on mobile devices
    * Calendar: Unintended task deletion if numlock is enabled
    * Mozilla platform security fixes
    MFSA 2018-04
    * CVE-2018-5095 (bmo#1418447)
      Integer overflow in Skia library during edge builder allocation
    * CVE-2018-5096 (bmo#1418922)
      Use-after-free while editing form elements
    * CVE-2018-5097 (bmo#1387427)
      Use-after-free when source document is manipulated during XSLT
    * CVE-2018-5098 (bmo#1399400)
      Use-after-free while manipulating form input elements
    * CVE-2018-5099 (bmo#1416878)
      Use-after-free with widget listener
    * CVE-2018-5102 (bmo#1419363)
      Use-after-free in HTML media elements
    * CVE-2018-5103 (bmo#1423159)
      Use-after-free during mouse event handling
    * CVE-2018-5104 (bmo#1425000)
      Use-after-free during font face manipulation
    * CVE-2018-5117 (bmo#1395508)
      URL spoofing with right-to-left text aligned left-to-right
    * CVE-2018-5089
      Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6
  - dropped obsolete mozilla-ucontext.patch
* Sat Dec 23 2017 wr@rosenauer.org
  - update to Thunderbird 52.5.2
    * This releases fixes the "Mailsploit" vulnerability and other
      vulnerabilities detected by the "Cure53" audit
    MFSA 2017-30
    * CVE-2017-7845 (bmo#1402372)
      Buffer overflow when drawing and validating elements with ANGLE
      library using Direct 3D 9
    * CVE-2017-7846 (bmo#1411716, bsc#1074043)
      JavaScript Execution via RSS in mailbox:// origin
    * CVE-2017-7847 (bmo#1411708, bsc#1074044)
      Local path string can be leaked from RSS feed
    * CVE-2017-7848 (bmo#1411699, bsc#1074045)
      RSS Feed vulnerable to new line Injection
    * CVE-2017-7829 (bmo#1423432, bsc#1074046)
      Mailsploit part 1: From address with encoded null character is
      cut off in message header display
* Fri Dec 08 2017 dimstar@opensuse.org
  - Explicitly buildrequires python2-xml: The build system relies on
    it. We wrongly relied on other packages pulling it in for us.
* Thu Dec 07 2017 dimstar@opensuse.org
  - Escape the usage of %{VERSION} when calling out to rpm.
    RPM 4.14 has %{VERSION} defined as 'the main packages version'.
* Wed Nov 22 2017 wr@rosenauer.org
  - update to Thunderbird 52.5.0 (bsc#1068101)
    * Better support for Charter/Spectrum IMAP: Thunderbird will now
      detect Charter's IMAP service and send an additional IMAP select
      command to the server. Check the various preferences ending in
      "force_select" to see whether auto-detection has discovered this case.
    * In search folders spanning multiple base folders clicking on a
      message sometimes marked another message as read
    * IMAP alerts have been corrected and now show the correct server
      name in case of connection problems
    * POP alerts have been corrected and now indicate connection problems
      in case the configured POP server cannot be found
    MFSA 2017-26
    * CVE-2017-7828 (bmo#1406750. bmo#1412252)
      Use-after-free of PressShell while restyling layout
    * CVE-2017-7830 (bmo#1408990)
      Cross-origin URL information leak through Resource Timing API
    * CVE-2017-7826
      Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5
* Fri Nov 10 2017 zaitor@opensuse.org
  - Drop obsolete libgnomeui-devel BuildRequires: No longer needed.
  - Add explicit pkgconfig(gconf-2.0), pkgconfig(gobject-2.0),
    pkgconfig(gtk+-2.0), pkgconfig(gtk+-unix-print-2.0),
    pkgconfig(glib-2.0), pkgconfig(gobject-2.0) and
    pkgconfig(gdk-x11-2.0) BuildRequires: Previously pulled in by
    libgnomeui-devel, and is what configure really checks for.
* Wed Oct 04 2017 astieger@suse.com
  - Mozilla Thunderbird 52.4.0 (bsc#1060445)
    * new behavior was introduced for replies to mailing list posts:
      "When replying to a mailing list, reply will be sent to address
      in From header ignoring Reply-to header". A new preference
      mail.override_list_reply_to allows to restore the previous behavior.
    * Under certain circumstances (image attachment and non-image
      attachment), attached images were shown truncated in messages
      stored in IMAP folders not synchronised for offline use.
    * IMAP UIDs > 0x7FFFFFFF now handled properly
    Security fixes from Gecko 52.4esr
    * CVE-2017-7793 (bmo#1371889)
      Use-after-free with Fetch API
    * CVE-2017-7818 (bmo#1363723)
      Use-after-free during ARIA array manipulation
    * CVE-2017-7819 (bmo#1380292)
      Use-after-free while resizing images in design mode
    * CVE-2017-7824 (bmo#1398381)
      Buffer overflow when drawing and validating elements with ANGLE
    * CVE-2017-7805 (bmo#1377618) (fixed via NSS requirement)
      Use-after-free in TLS 1.2 generating handshake hashes
    * CVE-2017-7814 (bmo#1376036)
      Blob and data URLs bypass phishing and malware protection warnings
    * CVE-2017-7825 (bmo#1393624, bmo#1390980) (OSX-only)
      OS X fonts render some Tibetan and Arabic unicode characters as spaces
    * CVE-2017-7823 (bmo#1396320)
      CSP sandbox directive did not create a unique origin
    * CVE-2017-7810
      Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4
* Thu Sep 28 2017 dimstar@opensuse.org
  - Add alsa-devel BuildRequires: we care for ALSA support to be
    built and thus need to ensure we get the dependencies in place.
    In the past, alsa-devel was pulled in by accident: we
    buildrequire libgnome-devel. This required esound-devel and that
    in turn pulled in alsa-devel for us. libgnome is being fixed to
    no longer require esound-devel.
* Tue Aug 15 2017 wr@rosenauer.org
  - update to Thunderbird 52.3 (boo#1052829)
    Fixed issues:
    * Unwanted inline images shown in rogue SPAM messages
    * Deleting message from the POP3 server not working when maildir
      storage was used
    * Message disposition flag (replied / forwarded) lost when reply or
      forwarded message was stored as draft and draft was sent later
    * Inline images not scaled to fit when printing
    * Selected text from another message sometimes included in a reply
    * No authorisation prompt displayed when inserting image into email
      body although image URL requires authentication
    * Large attachments taking a long time to open under some circumstances
    security
    Security fixes from Gecko 52.3esr
    * CVE-2017-7798 (bmo#1371586, bmo#1372112)
      XUL injection in the style editor in devtools
    * CVE-2017-7800 (bmo#1374047)
      Use-after-free in WebSockets during disconnection
    * CVE-2017-7801 (bmo#1371259)
      Use-after-free with marquee during window resizing
    * CVE-2017-7784 (bmo#1376087)
      Use-after-free with image observers
    * CVE-2017-7802 (bmo#1378147)
      Use-after-free resizing image elements
    * CVE-2017-7785 (bmo#1356985)
      Buffer overflow manipulating ARIA attributes in DOM
    * CVE-2017-7786 (bmo#1365189)
      Buffer overflow while painting non-displayable SVG
    * CVE-2017-7753 (bmo#1353312)
      Out-of-bounds read with cached style data and pseudo-elements#
    * CVE-2017-7787 (bmo#1322896)
      Same-origin policy bypass with iframes through page reloads
    * CVE-2017-7807 (bmo#1376459)
      Domain hijacking through AppCache fallback
    * CVE-2017-7792 (bmo#1368652)
      Buffer overflow viewing certificates with an extremely long OID
    * CVE-2017-7804 (bmo#1372849)
      Memory protection bypass through WindowsDllDetourPatcher
    * CVE-2017-7791 (bmo#1365875)
      Spoofing following page navigation with data: protocol and modal alerts
    * CVE-2017-7782 (bmo#1344034)
      WindowsDllDetourPatcher allocates memory without DEP protections
    * CVE-2017-7803 (bmo#1377426)
      CSP containing 'sandbox' improperly applied
    * CVE-2017-7779
      Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3
* Wed Aug 09 2017 schwab@suse.de
  - mozilla-ucontext.patch: use ucontext_t instead of struct ucontext
* Wed Jun 28 2017 guillaume@opensuse.org
  - mozilla-disable-neon-option.patch has been dropped silently, so
    remove the --disable-neon option as it is not available anymore.
* Sun Jun 25 2017 wr@rosenauer.org
  - update to Thunderbird 52.2.1
    * Problems with Gmail fixed (folders not showing, repeated email
      download, etc.) introduced in version 52.2.0. (boo#1045895)
* Wed Jun 14 2017 wr@rosenauer.org
  - update to Thunderbird 52.2 (boo#1043960)
    * Embedded images not shown in email received from Hotmail/Outlook
      webmailer
    * Detection of non-ASCII font names in font selector
    * Attachment not forwarded correctly under certain circumstances
    * Multiple requests for master password when GMail OAuth2 is enabled
    * Large number of blank pages being printed under certain
      circumstances when invalid preferences were present
    * Messages sent via the Simple MAPI interface are forced to HTML
    * Calendar: Invitations can't be printed
    * Mailing list (group) not accessible from macOS or Outlook address book
    * Clicking on links with references/anchors where target doesn't
      exist in the message not opening in external browser
    MFSA 2017-17
    * CVE-2017-5472 (bmo#1365602)
      Use-after-free using destroyed node when regenerating trees
    * CVE-2017-7749 (bmo#1355039)
      Use-after-free during docshell reloading
    * CVE-2017-7750 (bmo#1356558)
      Use-after-free with track elements
    * CVE-2017-7751 (bmo#1363396)
      Use-after-free with content viewer listeners
    * CVE-2017-7752 (bmo#1359547)
      Use-after-free with IME input
    * CVE-2017-7754 (bmo#1357090)
      Out-of-bounds read in WebGL with ImageInfo object
    * CVE-2017-7756 (bmo#1366595)
      Use-after-free and use-after-scope logging XHR header errors
    * CVE-2017-7757 (bmo#1356824)
      Use-after-free in IndexedDB
    * CVE-2017-7778, CVE-2017-7778, CVE-2017-7771, CVE-2017-7772,
      CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776,
      CVE-2017-7777
      Vulnerabilities in the Graphite 2 library
    * CVE-2017-7758 (bmo#1368490)
      Out-of-bounds read in Opus encoder
    * CVE-2017-7763 (bmo#1360309)
      Mac fonts render some unicode characters as spaces (MacOS only)
    * CVE-2017-7764 (bmo#1364283)
      Domain spoofing with combination of Canadian Syllabics and other
      unicode blocks
    * CVE-2017-7765 (bmo#1273265)
      Mark of the Web bypass when saving executable files (Windows only)
    * CVE-2017-5470
      Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2
  - requires NSS 3.28.5
* Sun Jun 04 2017 wr@rosenauer.org
  - remove legacy -Os optimization breaking gcc7/i586 (boo#1042090)
* Thu Jun 01 2017 wr@rosenauer.org
  - explicitely optimize with -O2 for openSUSE > 13.2/Leap 42 to work
    with gcc7 (boo#1040105, boo#1042090)
* Thu May 11 2017 wr@rosenauer.org
  - update to Thunderbird 52.1.1
    * fixed crash when compacting IMAP folder (boo#1038753)
    * Some attachments could not be opened or saved if the message
      body is empty
    * Unable to load full message via POP if message was downloaded
      partially (or only headers) before
    * Large attachments may not be shown or saved correctly if the
      message is stored in an IMAP folder which is not synchronized
      for offline use
* Mon May 01 2017 wr@rosenauer.org
  - update to Thunderbird 52.1.0
    * Background images not working and other issues related to
      embedded images when composing email have been fixed
    * Google Oauth setup can sometimes not progress to the next step
    * requires NSS >= 3.28.4
  - security fixes (boo#1035082), MFSA 2017-13
    * CVE-2017-5443 (bmo#1342661)
      Out-of-bounds write during BinHex decoding
    * CVE-2017-5429 (bmo#1341096, bmo#1342823, bmo#1343261, bmo#1348894,
      bmo#1348941, bmo#1349340, bmo#1350844, bmo#1352926, bmo#1353088)
      Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and
      Firefox ESR 52.1
    * CVE-2017-5464 (bmo#1347075)
      Memory corruption with accessibility and DOM manipulation
    * CVE-2017-5465 (bmo#1347617)
      Out-of-bounds read in ConvolvePixel
    * CVE-2017-5466 (bmo#1353975)
      Origin confusion when reloading isolated data:text/html URL
    * CVE-2017-5467 (bmo#1347262)
      Memory corruption when drawing Skia content
    * CVE-2017-5460 (bmo#1343642)
      Use-after-free in frame selection
    * CVE-2017-5461 (bmo#1344380)
      Out-of-bounds write in Base64 encoding in NSS
    * CVE-2017-5449 (bmo#1340127)
      Crash during bidirectional unicode manipulation with animation
    * CVE-2017-5446 (bmo#1343505)
      Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data
    * CVE-2017-5447 (bmo#1343552)
      Out-of-bounds read during glyph processing
    * CVE-2017-5444 (bmo#1344461)
      Buffer overflow while parsing application/http-index-format content
    * CVE-2017-5445 (bmo#1344467)
      Uninitialized values used while parsing application/http-index-format
      content
    * CVE-2017-5442 (bmo#1347979)
      Use-after-free during style changes
    * CVE-2017-5469 (bmo#1292534)
      Potential Buffer overflow in flex-generated code
    * CVE-2017-5440 (bmo#1336832)
      Use-after-free in txExecutionState destructor during XSLT processing
    * CVE-2017-5441 (bmo#1343795)
      Use-after-free with selection during scroll events
    * CVE-2017-5439 (bmo#1336830)
      Use-after-free in nsTArray Length() during XSLT processing
    * CVE-2017-5438 (bmo#1336828)
      Use-after-free in nsAutoPtr during XSLT processing
    * CVE-2017-5437 (bmo#1343453)
      Vulnerabilities in Libevent library
    * CVE-2017-5436 (bmo#1345461)
      Out-of-bounds write with malicious font in Graphite 2
    * CVE-2017-5435 (bmo#1350683)
      Use-after-free during transaction processing in the editor
    * CVE-2017-5434 (bmo#1349946)
      Use-after-free during focus handling
    * CVE-2017-5433 (bmo#1347168)
      Use-after-free in SMIL animation functions
    * CVE-2017-5432 (bmo#1346654)
      Use-after-free in text input selection
    * CVE-2017-5430 (bmo#1329796, bmo#1337418, bmo#1339722, bmo#1340482,
      bmo#1342101, bmo#1344081, bmo#1344305, bmo#1344686, bmo#1346140,
      bmo#1346419, bmo#1348143, bmo#1349621, bmo#1349719, bmo#1353476)
      Memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1
    * CVE-2017-5459 (bmo#1333858)
      Buffer overflow in WebGL
    * CVE-2017-5462 (bmo#1345089)
      DRBG flaw in NSS
    * CVE-2017-5454 (bmo#1349276)
      Sandbox escape allowing file system read access through file
      picker
    * CVE-2017-5451 (bmo#1273537)
      Addressbar spoofing with onblur event
* Mon Apr 17 2017 wr@rosenauer.org
  - update to Thunderbird 52.0.1
    * Clicking on a link in an email may not open this link in the
      external browser
    * addon blocklist updates
  - enable ALSA for systems w/o PA
  - require libffi explicitely to fix PPC64LE build where a system
    library is required
* Sat Mar 18 2017 wr@rosenauer.org
  - update to Thunderbird 52.0
    * Optionally remove corresponding data files when removing an account
    * Possibility to copy message filter
    * Calendar: Event can now be created and edited in a tab
    * Calendar: Processing of received invitation counter proposals
    * Chat: Support Twitter Direct Messages
    * Chat: Liking and favoriting in Twitter
    * Chat: Removed Yahoo! Messenger support
    * serveral bugfixes
  - security fixes (bsc#1028391, MFSA 2017-09):
    In general, these flaws cannot be exploited through email because
    scripting is disabled when reading mail, but are potentially
    risks in browser or browser-like contexts.
    * CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP (bmo#1334933)
    * CVE-2017-5401: Memory Corruption when handling ErrorResult (bmo#1328861)
    * CVE-2017-5402: Use-after-free working with events in FontFace objects (bmo#1334876)
    * CVE-2017-5403: Use-after-free using addRange to add range to an incorrect root object (bmo#1340186)
    * CVE-2017-5404: Use-after-free working with ranges in selections (bmo#1340138)
    * CVE-2017-5406: Segmentation fault in Skia with canvas operations (bmo#1306890)
    * CVE-2017-5407: Pixel and history stealing via floating-point timing side channel with SVG filters (bmo#1336622)
    * CVE-2017-5410: Memory corruption during JavaScript garbage collection incremental sweeping (bmo#1330687)
    * CVE-2017-5408: Cross-origin reading of video captions in violation of CORS (bmo#1313711)
    * CVE-2017-5412: Buffer overflow read in SVG filters (bmo#1328323)
    * CVE-2017-5413: Segmentation fault during bidirectional operations (bmo#1337504)
    * CVE-2017-5414: File picker can choose incorrect default directory (bmo#1319370)
    * CVE-2017-5416: Null dereference crash in HttpChannel (bmo#1328121)
    * CVE-2017-5426: Gecko Media Plugin sandbox is not started if seccomp-bpf filter is running (bmo#1257361)
    * CVE-2017-5418: Out of bounds read when parsing HTTP digest authorization responses (bmo#1338876)
    * CVE-2017-5419: Repeated authentication prompts lead to DOS attack (bmo#1312243)
    * CVE-2017-5405: FTP response codes can cause use of uninitialized values for ports (bmo#1336699)
    * CVE-2017-5421: Print preview spoofing (bmo#1301876)
    * CVE-2017-5422: DOS attack by using view-source: protocol repeatedly in one hyperlink (bmo#1295002)
    * CVE-2017-5399: Memory safety bugs fixed in Thunderbird 52
    * CVE-2017-5398: Memory safety bugs fixed in Thunderbird 52 and Thunderbird 45.8
  - removed obsolete patches
    * mozilla-aarch64-48bit-va.patch
    * mozilla-binutils-visibility.patch
    * mozilla-flex_buffer_overrun.patch
    * mozilla-gcc6.patch
  - added generic mozilla patches
    * mozilla-aarch64-startup-crash.patch
  - require newer versions of NSPR and NSS
  - use Gtk3 for Tumbleweed
* Tue Mar 07 2017 wr@rosenauer.org
  - update to Thunderbird 45.8.0 (boo#1028391)
    * MFSA 2017-07
      CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP
      (bmo#1334933)
      CVE-2017-5401: Memory Corruption when handling ErrorResult
      (bmo#1328861)
      CVE-2017-5402: Use-after-free working with events in FontFace
      objects (bmo#1334876)
      CVE-2017-5404: Use-after-free working with ranges in selections
      (bmo#1340138)
      CVE-2017-5407: Pixel and history stealing via floating-point
      timing side channel with SVG filters (bmo#1336622)
      CVE-2017-5410: Memory corruption during JavaScript garbage
      collection incremental sweeping (bmo#1330687)
      CVE-2017-5408: Cross-origin reading of video captions in violation
      of CORS (bmo#1313711)
      CVE-2017-5405: FTP response codes can cause use of
      uninitialized values for ports (bmo#1336699)
      CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and
      Firefox ESR 45.8
* Thu Feb 09 2017 wr@rosenauer.org
  - update to Thunderbird 45.7.1
    * fixed Crash when viewing certain IMAP messages (introduced in 45.7.0)
* Tue Jan 24 2017 wr@rosenauer.org
  - update to Thunderbird 45.7.0
    * Message preview pane non-functional after IMAP folder was renamed
      or moved
    * "Move To" button on "Search Messages" panel not working
    * Message sent to "undisclosed recipients" shows no recipient
      (non-functional since Thunderbird version 38)
    * Security updates from MFSA 2017-03 (Gecko 45.7.0) boo#1021991.
      In general, these flaws cannot be exploited through email in
      Thunderbird because scripting is disabled when reading mail,
      but are potentially risks in browser or browser-like contexts:
      CVE-2017-5375: Excessive JIT code allocation allows bypass of
      ASLR and DEP (bmo#1325200, boo#1021814)
      CVE-2017-5376: Use-after-free in XSL (bmo#1311687, boo#1021817)
      CVE-2017-5378: Pointer and frame data leakage of Javascript objects
      (bmo#1312001, bmo#1330769, boo#1021818)
      CVE-2017-5380: Potential use-after-free during DOM manipulations
      (bmo#1322107, boo#1021819)
      CVE-2017-5390: Insecure communication methods in Developer Tools
      JSON viewer (bmo#1297361, boo#1021820)
      CVE-2017-5396: Use-after-free with Media Decoder
      (bmo#1329403, boo#1021821)
      CVE-2017-5383: Location bar spoofing with unicode characters
      (bmo#1323338, bmo#1324716, boo#1021822)
      CVE-2017-5373: Memory safety bugs fixed in Thunderbird 45.7
      (boo#1021824)
* Thu Dec 29 2016 wr@rosenauer.org
  - update to Thunderbird 45.6.0 (boo#1015422)
    * The system integration dialog was shown every time when starting
      Thunderbird
    * MFSA 2016-96
      CVE-2016-9899: Use-after-free while manipulating DOM events and
      audio elements (bmo#1317409)
      CVE-2016-9895: CSP bypass using marquee tag (bmo#1312272)
      CVE-2016-9897: Memory corruption in libGLES (bmo#1301381)
      CVE-2016-9898: Use-after-free in Editor while manipulating DOM
      subtrees (bmo#1314442)
      CVE-2016-9900: Restricted external resources can be loaded by
      SVG images through data URLs (bmo#1319122)
      CVE-2016-9904: Cross-origin information leak in shared atoms
      (bmo#1317936)
      CVE-2016-9905: Crash in EnumerateSubDocuments (bmo#1293985)
      CVE-2016-9893: Memory safety bugs fixed in Thunderbird 45.6
* Thu Dec 01 2016 astieger@suse.com
  - Mozilla Thunderbird 45.5.1:
    * CVE-2016-9079: SVG Animation Remote Code Execution
      (MFSA 2016-92, bsc#1012964, bmo#1321066)
* Sat Nov 19 2016 astieger@suse.com
  - Mozilla Thunderbird 45.5.0 (boo#1009026)
    * Fixes for security flaws that cannot be exploited through email
      because scripting is disabled when reading mail, but are
      potentially risks in browser or browser-like contexts:
      CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1
      (bsc#1010411)
      CVE-2016-5297: Incorrect argument length checking in Javascript
      (bsc#1010401)
      CVE-2016-9066: Integer overflow leading to a buffer overflow in
      nsScriptLoadHandler (bsc#1010404)
      CVE-2016-5291: Same-origin policy violation using local HTML file
      and saved shortcut file (bsc#1010410)
      CVE-2016-5290: Memory safety bugs fixed in Thunderbird ESR 45.5
      (bsc#1010427)
  - Changed behavior:
    * Changed recipient address entry: Arrow-keys now copy the pop-up
      value to the input field. Mouse-hovered pop-up value can no
      longer be confirmed with tab or enter key. This restores the
      behavior of Thunderbird 24.
    * Support changes to character limit in Twitter
  - Bugs fixed:
    * Reply with selected text containing quote resulted in wrong
      quoting level indication
    * Email invitation might not be displayed when description
      contains non-ASCII characters
    * Attempting to sort messages on the Date field whilst a quick
      filter is applied got stuck on sort descending
    * Mail address display at header pane displayed incorrectly if
      the address contains UTF-8 according to RFC 6532
* Sat Oct 01 2016 wr@rosenauer.org
  - update to Thunderbird 45.4.0 (boo#999701)
    * Display name was truncated if no separating space before email
      address.
    * Recipient addresses were shown in wrong color in some circumstances.
    * Additional spaces were inserted when drafts were edited.
    * Mail saved as template copied In-Reply-To and References from
      original email.
    * Threading broken when editing message draft, due to loss of Message-ID
    * "Apply columns to..." did not honor special folders
* Tue Aug 30 2016 wr@rosenauer.org
  - update to Thunderbird 45.3.0 (boo#991809)
    * Disposition-Notification-To could not be used in
      mail.compose.other.header
    * "edit as new message" on a received message pre-filled the sender
      as the composing identity.
    * Certain messages caused corruption of the drafts summary database.
    security fixes:
    * MFSA 2016-62/CVE-2016-2836
      Miscellaneous memory safety hazards
    * MFSA 2016-63/CVE-2016-2830 (bmo#1255270)
      Favicon network connection can persist when page is closed
    * MFSA 2016-64/CVE-2016-2838 (bmo#1279814)
      Buffer overflow rendering SVG with bidirectional content
    * MFSA 2016-65/CVE-2016-2839 (bmo#1275339)
      Cairo rendering crash due to memory allocation issue with FFmpeg 0.10
    * MFSA 2016-67/CVE-2016-5252 (bmo#1268854)
      Stack underflow during 2D graphics rendering
    * MFSA 2016-70/CVE-2016-5254 (bmo#1266963)
      Use-after-free when using alt key and toplevel menus
    * MFSA 2016-72/CVE-2016-5258 (bmo#1279146)
      Use-after-free in DTLS during WebRTC session shutdown
    * MFSA 2016-73/CVE-2016-5259 (bmo#1282992)
      Use-after-free in service workers with nested sync events
    * MFSA 2016-76/CVE-2016-5262 (bmo#1277475)
      Scripts on marquee tag can execute in sandboxed iframes
    * MFSA 2016-77/CVE-2016-2837 (bmo#1274637)
      Buffer overflow in ClearKey Content Decryption Module (CDM)
      during video playback
    * MFSA 2016-78/CVE-2016-5263 (bmo#1276897)
      Type confusion in display transformation
    * MFSA 2016-79/CVE-2016-5264 (bmo#1286183)
      Use-after-free when applying SVG effects
    * MFSA 2016-80/CVE-2016-5265 (bmo#1278013)
      Same-origin policy violation using local HTML file and saved shortcut file
* Fri Aug 05 2016 pcerny@suse.com
  - Fix for possible buffer overrun (bsc#990856)
    CVE-2016-6354 (bmo#1292534)
    [mozilla-flex_buffer_overrun.patch]
* Thu Jul 21 2016 mailaender@opensuse.org
  - add a screenshot to appdata.xml
* Thu Jun 30 2016 wr@rosenauer.org
  - update to Thunderbird 45.2 (boo#983549)
    Security fixes:
    * CVE-2016-2818, CVE-2016-2815: Memory safety bugs (MFSA2016-49)
  - drop mozilla-flexible-array-member-in-union.patch, upstream
* Fri Jun 24 2016 wr@rosenauer.org
  - mozilla-binutils-visibility.patch to fix build issues with
    gcc/binutils combination used in Leap 42.2 (boo#984637)
* Thu Jun 23 2016 wr@rosenauer.org
  - build with -fno-delete-null-pointer-checks for Tumbleweed/gcc6
    as long as underlying issues have been addressed upstream
    (boo#986162)
* Mon Jun 13 2016 agraf@suse.com
  - Fix running on 48bit va aarch64 (bsc#984126)
    - Add patch mozilla-aarch64-48bit-va.patch
* Fri May 27 2016 wr@rosenauer.org
  - update to Thunderbird 45.1.1
    * When entering members into a mailing list, the enter key
      dismissed the panel instead of just moving onto the next line
    * Email without HTML elements was sent as HTML, despite
      "Delivery Format: Auto-detect" option
    * Options applied to a template were lost when the template was used
    * Contacts could not be deleted when they were found through a search
    * Views from global searches did not respect
      "mail.threadpane.use_correspondents"
* Wed May 25 2016 badshah400@gmail.com
  - The conditional testing for gcc was failing for different
    openSUSE versions, drop it and apply patches unconditionally.
* Tue May 24 2016 badshah400@gmail.com
  - Add patches to fix building with gcc >= 6:
    + mozilla-gcc6.patch: patch taken from fedora's git and is
      essentially identical to upstream firefox patch:
      https://hg.mozilla.org/mozilla-central/rev/55212130f19d.
    + mozilla-flexible-array-member-in-union.patch: patch taken
      from upstream bmo#1272649.
* Thu May 12 2016 dimstar@opensuse.org
  - Copy the icons to /usr/share/icons instead of symlinking them:
    in preparation for containerized apps (e.g. xdg-app) as well as
    AppStream metadata extraction, there are a couple locations that
    need to be real files for system integration (.desktop files,
    icons, mime-type info).
* Sat May 07 2016 wr@rosenauer.org
  - update to Thunderbird 45.1.0 (boo#977333)
    * MFSA 2016-39/CVE-2016-2806/CVE-2016-2807 (boo#977375, boo#977376)
      Miscellaneous memory safety hazards
* Wed Apr 27 2016 badshah400@gmail.com
  - For openSUSE > 13.2, the build fails for i586 as it goes out of
    memory. Prevent this from happening by disabing parallel build
    in this particular case (i.e. do not pass
    mk_add_options MOZ_MAKE_FLAGS%{?jobs:-j%jobs}).
* Sat Apr 16 2016 wr@rosenauer.org
  - update to Thunderbird 45.0 (boo#969894)
    * Add a Correspondents column combining Sender and Recipient
    * Much better support for XMPP chatrooms and commands
    * Remote content exceptions: Improved options to add exceptions
    * Implement option to always use HTML formatting to prevent
      unexpected format loss when converting messages to plain text
    * Use OpenStreetmap for maps (even allow the user to choose from
      list of map services)
    * Allow spell checking and dictionary selection in the subject line
    * Allow editing of From when composing a message
    * Add dropdown in compose to allow specific setting of font size
    * Return/Enter in composer will now insert a new paragraph by
      default (shift-Enter will insert a line break)
    * Allow copying of name and email address from the message header
      of an email
    * Mail.ru supports OAuth authentication
    * MFSA 2016-16/CVE-2016-1952/CVE-2016-1953
      Miscellaneous memory safety hazards
    * MFSA 2016-17/CVE-2016-1954 (bmo#1243178)
      Local file overwriting and potential privilege escalation through
      CSP reports
    * MFSA 2016-18/CVE-2016-1955 (bmo#1208946)
      CSP reports fail to strip location information for embedded iframe pages
    * MFSA 2016-19/CVE-2016-1956 (bmo#1199923)
      Linux video memory DOS with Intel drivers
    * MFSA 2016-20/CVE-2016-1957 (bmo#1227052)
      Memory leak in libstagefright when deleting an array during MP4
      processing
    * MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014)
      Use-after-free in HTML5 string parser
    * MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377)
      Use-after-free in SetBody
    * MFSA 2016-27/CVE-2016-1964 (bmo#1243335)
      Use-after-free during XML transformations
    * MFSA 2016-34/CVE-2016-1974 (bmo#1228103)
      Out-of-bounds read in HTML parser following a failed allocation
    * MFSA 2016-35/CVE-2016-1950 (bmo#1245528)
      Buffer overflow during ASN.1 decoding in NSS
      (fixed by requiring 3.21.1)
    * MFSA 2016-36/CVE-2016-1979 (bmo#1185033)
      Use-after-free during processing of DER encoded keys in NSS
      (fixed by requiring 3.21.1)
    * MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/
      CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/
      CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/
      CVE-2016-2800/CVE-2016-2801/CVE-2016-2802
      Font vulnerabilities in the Graphite 2 library
  - remove obsolete patches:
    * mozilla-arm-disable-edsp.patch
    * mozilla-icu-strncat.patch
    * mozilla-arm64-libjpeg-turbo.patch
  - added required mozilla platform patches:
    * mozilla-no-stdcxx-check.patch
* Wed Apr 06 2016 astieger@suse.com
  - update to Thunderbird 38.7.2
    * disable Graphite font shaping library (same upstream changelog
      as 38.7.1)
* Fri Mar 25 2016 wr@rosenauer.org
  - update to Thunderbird 38.7.1
    * disabled Graphite font shaping library
* Fri Mar 11 2016 wr@rosenauer.org
  - update to Thunderbird 38.7.0 (boo#969894)
    * MFSA 2015-81/CVE-2015-4477 (bmo#1179484)
      Use-after-free in MediaStream playback
    * MFSA 2015-136/CVE-2015-7207 (bmo#1185256)
      Same-origin policy violation using performance.getEntries and
      history navigation
    * MFSA 2016-16/CVE-2016-1952
      Miscellaneous memory safety hazards
    * MFSA 2016-17/CVE-2016-1954 (bmo#1243178)
      Local file overwriting and potential privilege escalation through
      CSP reports
    * MFSA 2016-20/CVE-2016-1957 (bmo#1227052)
      Memory leak in libstagefright when deleting an array during MP4
      processing
    * MFSA 2016-21/CVE-2016-1958 (bmo#1228754)
      Displayed page address can be overridden
    * MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014)
      Use-after-free in HTML5 string parser
    * MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377)
      Use-after-free in SetBody
    * MFSA 2016-25/CVE-2016-1962 (bmo#1240760)
      Use-after-free when using multiple WebRTC data channels
    * MFSA 2016-27/CVE-2016-1964 (bmo#1243335)
      Use-after-free during XML transformations
    * MFSA 2016-28/CVE-2016-1965 (bmo#1245264)
      Addressbar spoofing though history navigation and Location protocol
      property
    * MFSA 2016-31/CVE-2016-1966 (bmo#1246054)
      Memory corruption with malicious NPAPI plugin
    * MFSA 2016-34/CVE-2016-1974 (bmo#1228103)
      Out-of-bounds read in HTML parser following a failed allocation
    * MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/
      CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/
      CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/
      CVE-2016-2800/CVE-2016-2801/CVE-2016-2802
      Font vulnerabilities in the Graphite 2 library
* Fri Feb 26 2016 astieger@suse.com
  - adjust _constraints to current peak build memory and disk usage
* Sat Feb 13 2016 wr@rosenauer.org
  - update to Thunderbird 38.6.0 (boo#963520)
    * Filters ran on a different folder than selected
    * MFSA 2016-01/CVE-2016-1930
      Miscellaneous memory safety hazards
    * MFSA 2016-03/CVE-2016-1935 (bmo#1220450)
      Buffer overflow in WebGL after out of memory allocation
* Mon Jan 25 2016 olaf@aepfle.de
  - Using -g for CFLAGS is controlled via project settings, it should
    not be enforced by the mozilla buildsystem.
* Mon Jan 18 2016 olaf@aepfle.de
  - Add build conditionals for valgrind and -Os
  - Convert existing conditions for kde to bcond
* Tue Dec 29 2015 wr@rosenauer.org
  - update to Thunderbird 38.5.1
    * requires NSS 3.20.2 to fix
      MFSA 2015-150/CVE-2015-7575 (bmo#1158489)
      MD5 signatures accepted within TLS 1.2 ServerKeyExchange in
      server signature
  - explicitely require libXcomposite-devel
* Wed Dec 23 2015 wr@rosenauer.org
  - update to Thunderbird 38.5.0 (bnc#959277)
    * MFSA 2015-134/CVE-2015-7201
      Miscellaneous memory safety hazards
    * MFSA 2015-138/CVE-2015-7210 (bmo#1218326)
      Use-after-free in WebRTC when datachannel is used after being
      destroyed
    * MFSA 2015-139/CVE-2015-7212 (bmo#1222809)
      Integer overflow allocating extremely large textures
    * MFSA 2015-145/CVE-2015-7205 (bmo#1220493)
      Underflow through code inspection
    * MFSA 2015-146/CVE-2015-7213 (bmo#1206211)
      Integer overflow in MP4 playback in 64-bit versions
    * MFSA 2015-147/CVE-2015-7222 (bmo#1216748)
      Integer underflow and buffer overflow processing MP4 metadata in
      libstagefright
    * MFSA 2015-149/CVE-2015-7214 (bmo#1228950)
      Cross-site reading attack through data and view-source URIs
* Tue Nov 17 2015 wr@rosenauer.org
  - update to Thunderbird 38.4.0 (bnc#952810)
    * MFSA 2015-116/CVE-2015-4513/CVE-2015-4514
      Miscellaneous memory safety hazards
    * MFSA 2015-122/CVE-2015-7188 (bmo#1199430)
      Trailing whitespace in IP address hostnames can bypass same-origin policy
    * MFSA 2015-123/CVE-2015-7189 (bmo#1205900)
      Buffer overflow during image interactions in canvas
    * MFSA 2015-127/CVE-2015-7193 (bmo#1210302)
      CORS preflight is bypassed when non-standard Content-Type headers
      are received
    * MFSA 2015-128/CVE-2015-7194 (bmo#1211262)
      Memory corruption in libjar through zip files
    * MFSA 2015-130/CVE-2015-7196 (bmo#1140616)
      JavaScript garbage collection crash with Java applet
    * MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200
      (bmo#1188010, bmo#1204061, bmo#1204155)
      Vulnerabilities found through code inspection
    * MFSA 2015-132/CVE-2015-7197 (bmo#1204269)
      Mixed content WebSocket policy bypass through workers
    * MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183
      (bmo#1202868, bmo#1205157)
      NSS and NSPR memory corruption issues
      (fixed in mozilla-nspr and mozilla-nss packages)
  - requires NSPR 4.10.10 and NSS 3.19.2.1
  - added explicit appdata provides (bnc#952325)
* Mon Oct 05 2015 dmueller@suse.com
  - fix build on aarch64 by reusing the crashreporter conditional
    from MozillaFirefox
* Mon Sep 28 2015 wr@rosenauer.org
  - update to Thunderbird 38.3.0 (bnc#947003)
    * MFSA 2015-96/CVE-2015-4500
      Miscellaneous memory safety hazards
    * MFSA 2015-100/CVE-2015-4505 (bmo#1177861) (Windows only)
      Arbitrary file manipulation by local user through Mozilla updater
    * MFSA 2015-101/CVE-2015-4506 (bmo#1192226)
      Buffer overflow in libvpx while parsing vp9 format video
    * MFSA 2015-105/CVE-2015-4511 (bmo#1200148)
      Buffer overflow while decoding WebM video
    * MFSA 2015-106/CVE-2015-4509 (bmo#1198435)
      Use-after-free while manipulating HTML media content
    * MFSA 2015-110/CVE-2015-4519 (bmo#1189814)
      Dragging and dropping images exposes final URL after redirects
    * MFSA 2015-111/CVE-2015-4520 (bmo#1200856, bmo#1200869)
      Errors in the handling of CORS preflight request headers
    * MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522/
      CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177/
      CVE-2015-7180
      Vulnerabilities found through code inspection
    * MFSA 2015-113/CVE-2015-7178/CVE-2015-7179 (bmo#1189860,
      bmo#1190526) (Windows only)
      Memory safety errors in libGLES in the ANGLE graphics library
  - rebased patches
* Sat Aug 15 2015 wr@rosenauer.org
  - update to Thunderbird 38.2.0 (bnc#940806)
    * MFSA 2015-79/CVE-2015-4473
      Miscellaneous memory safety hazards
    * MFSA 2015-80/CVE-2015-4475 (bmo#1175396)
      Out-of-bounds read with malformed MP3 file
    * MFSA 2015-82/CVE-2015-4478 (bmo#1105914)
      Redefinition of non-configurable JavaScript object properties
    * MFSA 2015-83/CVE-2015-4479/CVE-2015-4480/CVE-2015-4493
      Overflow issues in libstagefright
    * MFSA 2015-84/CVE-2015-4481 (bmo1171518)
      Arbitrary file overwriting through Mozilla Maintenance Service
      with hard links (only affected Windows)
    * MFSA 2015-85/CVE-2015-4482 (bmo#1184500)
      Out-of-bounds write with Updater and malicious MAR file
      (does not affect openSUSE RPM packages which do not ship the
      updater)
    * MFSA 2015-87/CVE-2015-4484 (bmo#1171540)
      Crash when using shared memory in JavaScript
    * MFSA 2015-88/CVE-2015-4491 (bmo#1184009)
      Heap overflow in gdk-pixbuf when scaling bitmap images
    * MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 (bmo#1177948, bmo#1178148)
      Buffer overflows on Libvpx when decoding WebM video
    * MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489
      Vulnerabilities found through code inspection
    * MFSA 2015-92/CVE-2015-4492 (bmo#1185820)
      Use-after-free in XMLHttpRequest with shared workers
* Wed Jul 08 2015 wr@rosenauer.org
  - update to Thunderbird 38.1.0 (bnc#935979)
    * MFSA 2015-59/CVE-2015-2724/CVE-2015-2725
      Miscellaneous memory safety hazards
    * MFSA 2015-60/CVE-2015-2727 (bmo#1163422)
      Local files or privileged URLs in pages can be opened into new tabs
    * MFSA 2015-61/CVE-2015-2728 (bmo#1142210)
      Type confusion in Indexed Database Manager
    * MFSA 2015-62/CVE-2015-2729 (bmo#1122218)
      Out-of-bound read while computing an oscillator rendering range in Web Audio
    * MFSA 2015-63/CVE-2015-2731 (bmo#1149891)
      Use-after-free in Content Policy due to microtask execution error
    * MFSA 2015-64/CVE-2015-2730 (bmo#1125025)
      ECDSA signature validation fails to handle some signatures correctly
      (this fix is shipped by NSS 3.19.1 externally)
    * MFSA 2015-65/CVE-2015-2722/CVE-2015-2733 (bmo#1166924, bmo#1169867)
      Use-after-free in workers while using XMLHttpRequest
    * MFSA 2015-66/CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737
      CVE-2015-2738/CVE-2015-2739/CVE-2015-2740
      Vulnerabilities found through code inspection
    * MFSA 2015-67/CVE-2015-2741 (bmo#1147497)
      Key pinning is ignored when overridable errors are encountered
    * MFSA 2015-69/CVE-2015-2743 (bmo#1163109)
      Privilege escalation in PDF.js
    * MFSA 2015-70/CVE-2015-4000 (bmo#1138554)
      NSS accepts export-length DHE keys with regular DHE cipher suites
      (this fix is shipped by NSS 3.19.1 externally)
    * MFSA 2015-71/CVE-2015-2721 (bmo#1086145)
      NSS incorrectly permits skipping of ServerKeyExchange
      (this fix is shipped by NSS 3.19.1 externally)
  - requires NSS 3.19.2
* Fri Jun 19 2015 wr@rosenauer.org
  - update to Thunderbird 38.0.1
    * includes Lightning as default extension
  - rebased patches
  - removed obsolete patches:
    * mozilla-ppc.patch
    * mozilla-nullptr-gcc45.patch
    * mozilla-bug1024492.patch
  - dropped openSUSE specific patches
    * thunderbird-shared-nss-db.patch
    * mozilla-shared-nss-db.patch
      the provided feature seems not to be used and its maintenance
      is not worth the ongoing efforts
  - tb-develdirs.patch is now mozilla-develdirs.patch as it is a
    platform configuration now
* Thu Jun 18 2015 schwab@suse.de
  - mozilla-arm64-libjpeg-turbo.patch: fix libjpeg-turbo configuration
* Thu May 28 2015 dmueller@suse.com
  - add mozilla-bug1024492.patch:
    * Fixes build against GCC 5.x
* Sat May 09 2015 wr@rosenauer.org
  - update to Thunderbird 31.7.0 (bnc#930622)
    * MFSA 2015-46/CVE-2015-2708
      Miscellaneous memory safety hazards
    * MFSA 2015-47/VE-2015-0797 (bmo#1080995)
      Buffer overflow parsing H.264 video with Linux Gstreamer
    * MFSA 2015-48/CVE-2015-2710 (bmo#1149542)
      Buffer overflow with SVG content and CSS
    * MFSA 2015-51/CVE-2015-2713 (bmo#1153478)
      Use-after-free during text processing with vertical text enabled
    * MFSA 2015-54/CVE-2015-2716 (bmo#1140537)
      Buffer overflow when parsing compressed XML
    * MFSA 2015-57/CVE-2011-3079 (bmo#1087565)
      Privilege escalation through IPC channel messages
* Tue Mar 31 2015 wr@rosenauer.org
  - update to Thunderbird 31.6.0 (bnc#925368)
    * MFSA 2015-30/CVE-2015-0815
      Miscellaneous memory safety hazards
    * MFSA 2015-31/CVE-2015-0813 (bmo#1106596))
      Use-after-free when using the Fluendo MP3 GStreamer plugin
    * MFSA 2015-33/CVE-2015-0816 (bmo#1144991)
      resource:// documents can load privileged pages
    * MFSA-2015-37/CVE-2015-0807 (bmo#1111834)
      CORS requests should not follow 30x redirections after preflight
    * MFSA-2015-40/CVE-2015-0801 (bmo#1146339)
      Same-origin bypass through anchor navigation
* Mon Feb 23 2015 wr@rosenauer.org
  - update to Thunderbird 31.5.0 (bnc#917597)
    * MFSA 2015-11/CVE-2015-0836
      Miscellaneous memory safety hazards
    * MFSA 2015-12/CVE-2015-0833 (bmo#945192)
      Invoking Mozilla updater will load locally stored DLL files
      (Windows only)
    * MFSA 2015-16/CVE-2015-0831 (bmo#1130514)
      Use-after-free in IndexedDB
    * MFSA 2015-19/CVE-2015-0827 (bmo#1117304)
      Out-of-bounds read and write while rendering SVG content
    * MFSA 2015-24/CVE-2015-0822 (bmo#1110557)
      Reading of local files through manipulation of form autocomplete
* Sat Jan 10 2015 wr@rosenauer.org
  - update to Thunderbird 31.4.0 (bnc#910669)
    * MFSA 2015-01/CVE-2014-8634/CVE-2014-8635
      Miscellaneous memory safety hazards
    * MFSA 2015-03/CVE-2014-8638 (bmo#1080987)
      sendBeacon requests lack an Origin header
    * MFSA 2015-04/CVE-2014-8639 (bmo#1095859)
      Cookie injection through Proxy Authenticate responses
  - added mozilla-icu-strncat.patch to fix post build checks
* Sun Nov 30 2014 wr@rosenauer.org
  - update to Thunderbird 31.3.0 (bnc#908009)
    * MFSA 2014-83/CVE-2014-1587
      Miscellaneous memory safety hazards
    * MFSA 2014-85/CVE-2014-1590 (bmo#1087633)
      XMLHttpRequest crashes with some input streams
    * MFSA 2014-87/CVE-2014-1592 (bmo#1088635)
      Use-after-free during HTML5 parsing
    * MFSA 2014-88/CVE-2014-1593 (bmo#1085175)
      Buffer overflow while parsing media content
    * MFSA 2014-89/CVE-2014-1594 (bmo#1074280)
      Bad casting from the BasicThebesLayer to BasicContainerLayer
* Sun Nov 16 2014 Led <ledest@gmail.com>
  - fix bashism in mozilla.sh script
* Tue Nov 04 2014 guillaume@opensuse.org
  - Limit RAM usage during link for ARM
* Sat Oct 25 2014 wr@rosenauer.org
  - remove add-plugins.sh and use /usr/share/myspell directly
    (bnc#900639)

Files

/usr/bin/thunderbird
/usr/lib64/thunderbird
/usr/lib64/thunderbird/application.ini
/usr/lib64/thunderbird/blocklist.xml
/usr/lib64/thunderbird/chrome
/usr/lib64/thunderbird/chrome.manifest
/usr/lib64/thunderbird/chrome/icons
/usr/lib64/thunderbird/chrome/icons/default
/usr/lib64/thunderbird/chrome/icons/default/default128.png
/usr/lib64/thunderbird/chrome/icons/default/default16.png
/usr/lib64/thunderbird/chrome/icons/default/default22.png
/usr/lib64/thunderbird/chrome/icons/default/default24.png
/usr/lib64/thunderbird/chrome/icons/default/default256.png
/usr/lib64/thunderbird/chrome/icons/default/default32.png
/usr/lib64/thunderbird/chrome/icons/default/default48.png
/usr/lib64/thunderbird/chrome/icons/default/default64.png
/usr/lib64/thunderbird/defaults
/usr/lib64/thunderbird/defaults/messenger
/usr/lib64/thunderbird/defaults/messenger/mailViews.dat
/usr/lib64/thunderbird/defaults/pref
/usr/lib64/thunderbird/defaults/pref/all-l10n.js
/usr/lib64/thunderbird/defaults/pref/all-opensuse.js
/usr/lib64/thunderbird/defaults/pref/channel-prefs.js
/usr/lib64/thunderbird/dependentlibs.list
/usr/lib64/thunderbird/distribution
/usr/lib64/thunderbird/distribution/extensions
/usr/lib64/thunderbird/distribution/extensions/{e2fda1a4-762b-4020-b5ad-a41df1933103}.xpi
/usr/lib64/thunderbird/features
/usr/lib64/thunderbird/features/wetransfer@extensions.thunderbird.net.xpi
/usr/lib64/thunderbird/fonts
/usr/lib64/thunderbird/fonts/TwemojiMozilla.ttf
/usr/lib64/thunderbird/gtk2
/usr/lib64/thunderbird/gtk2/libmozgtk.so
/usr/lib64/thunderbird/isp
/usr/lib64/thunderbird/isp/Bogofilter.sfd
/usr/lib64/thunderbird/isp/DSPAM.sfd
/usr/lib64/thunderbird/isp/POPFile.sfd
/usr/lib64/thunderbird/isp/SpamAssassin.sfd
/usr/lib64/thunderbird/isp/SpamPal.sfd
/usr/lib64/thunderbird/libldap60.so
/usr/lib64/thunderbird/libldif60.so
/usr/lib64/thunderbird/liblgpllibs.so
/usr/lib64/thunderbird/libmozgtk.so
/usr/lib64/thunderbird/libmozsqlite3.so
/usr/lib64/thunderbird/libmozwayland.so
/usr/lib64/thunderbird/libprldap60.so
/usr/lib64/thunderbird/libxul.so
/usr/lib64/thunderbird/omni.ja
/usr/lib64/thunderbird/pingsender
/usr/lib64/thunderbird/platform.ini
/usr/lib64/thunderbird/plugin-container
/usr/lib64/thunderbird/thunderbird-bin
/usr/lib64/thunderbird/thunderbird.sh
/usr/share/appdata
/usr/share/appdata/thunderbird.appdata.xml
/usr/share/applications/thunderbird.desktop
/usr/share/icons/hicolor/128x128/apps/thunderbird.png
/usr/share/icons/hicolor/16x16/apps/thunderbird.png
/usr/share/icons/hicolor/22x22/apps/thunderbird.png
/usr/share/icons/hicolor/24x24/apps/thunderbird.png
/usr/share/icons/hicolor/32x32/apps/thunderbird.png
/usr/share/icons/hicolor/48x48/apps/thunderbird.png
/usr/share/icons/hicolor/64x64/apps/thunderbird.png


Generated by rpm2html 1.8.1

Fabrice Bellet, Mon Feb 10 12:37:28 2020