Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

MozillaThunderbird-translations-other-102.3.1-1.1 RPM for i686

From OpenSuSE Tumbleweed for i686

Name: MozillaThunderbird-translations-other Distribution: openSUSE Tumbleweed
Version: 102.3.1 Vendor: openSUSE
Release: 1.1 Build date: Mon Oct 3 14:05:56 2022
Group: System/Localization Build host: lamb77
Size: 27512828 Source RPM: MozillaThunderbird-102.3.1-1.1.src.rpm
Packager: https://bugs.opensuse.org
Url: https://www.thunderbird.net/
Summary: Extra translations for Thunderbird
This package contains rarely used languages for the user interface
of Thunderbird.

Provides

Requires

License

MPL-2.0

Changelog

* Wed Sep 28 2022 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 102.3.1
    * Compose window encryption options now only appear for encryption
      technologies that have already been configured
    * Number of contacts in currently selected address book now
      displayed at bottom of Address Book list column
    Fixes
    * Password prompt did not include server hostname for POP servers
    * Edit Contact was missing from Contacts sidebar context menus
    * Address Book contact lists cut off display of some characters,
      the result being unreadable
    MFSA 2022-43
    * CVE-2022-39249 (bmo#1791765)
      Matrix SDK bundled with Thunderbird vulnerable to an
      impersonation attack by malicious server administrators
    * CVE-2022-39250 (bmo#1791765)
      Matrix SDK bundled with Thunderbird vulnerable to a device
      verification attack
    * CVE-2022-39251 (bmo#1791765)
      Matrix SDK bundled with Thunderbird vulnerable to an
      impersonation attack
    * CVE-2022-39236 (bmo#1791765)
      Matrix SDK bundled with Thunderbird vulnerable to a data
      corruption issue
* Fri Sep 16 2022 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 102.3.0
    https://www.thunderbird.net/en-US/thunderbird/102.3.0/releasenotes/
    * Thunderbird will no longer attempt to import account passwords
      when importing from another Thunderbird profile in order to
      prevent profile corruption and permanent data loss. (bmo#1790605)
    * Devtools performance profile will use Thunderbird presets
      instead of Web Developer presets (bmo#1785954)
    * Thunderbird startup performance improvements (bmo#1785967)
    * Saving email source and images failed (bmo#1777323, bmo#1778804)
    * Error message was shown repeatedly when temporary disk
      space was full (bmo#1788580)
    * Attaching OpenPGP keys without a set size to non-encrypted
      messages briefly displayed a size of zero bytes (bmo#1788952)
    * Global Search entry box initially contained "undefined" (bmo#1780963)
    * Delete from POP Server mail filter rule intermittently
      failed to trigger (bmo#1789418)
    * Connections to POP3 servers without UIDL support failed (bmo#1789314)
    * Pop accounts with "Fetch headers only" set downloaded complete
      messages if server did not advertise TOP capability (bmo#1789356)
    * "File -> New -> Address Book Contact" from Compose window did
      not work (bmo#1782418)
    * Attach "My vCard" option in compose window was not available
      (bmo#1787614)
    * Improved performance of matching a contact to an email address
      (bmo#1782725)
    * Address book only recognized a contact's first two email
      addresses (bmo#1777156)
    * Address book search and autocomplete failed if a contact vCard
      could not be parsed (bmo#1789793)
    * Downloading NNTP messages for offline use failed (bmo#1785773)
    * NNTP client became stuck when connecting to Public-Inbox servers
      (bmo#1786203, boo#1203554)
    * Various visual and UX improvements (bmo#1782235, bmo#1787448,
      bmo#1788725, bmo#1790324)
    * unresolved: No dedicated "Department" field in address book
      (bmo#1777780)
    MFSA 2022-42 (bsc#1203477)
    * CVE-2022-40959 (bmo#1782211)
      Bypassing FeaturePolicy restrictions on transient pages
    * CVE-2022-40960 (bmo#1787633)
      Data-race when parsing non-UTF-8 URLs in threads
    * CVE-2022-40958 (bmo#1779993)
      Bypassing Secure Context restriction for cookies with __Host
      and __Secure prefix
    * CVE-2022-40956 (bmo#1770094)
      Content-Security-Policy base-uri bypass
    * CVE-2022-40957 (bmo#1777604)
      Incoherent instruction cache when building WASM on ARM64
    * CVE-2022-3155 (bmo#1789061)
      Attachment files saved to disk on macOS could be executed
      without warning
    * CVE-2022-40962 (bmo#1767360, bmo#1776655, bmo#1777574, bmo#1784835,
      bmo#1785109, bmo#1786502, bmo#1789440)
      Memory safety bugs fixed in Thunderbird 102.3
* Thu Sep 08 2022 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 102.2.2
    https://www.thunderbird.net/en-US/thunderbird/102.2.2/releasenotes/
    * Setting added to change Calendar event double-click action to
      open Edit Event dialog rather than view only;
      Set calendar.events.defaultActionEdit to true
    * Running Compact Folders on maildir folders caused a redownload
      of all messages in the folder
    * Accessing mail folders in profiles with many folders was slow
    * SMTP servers were not always properly initialized, and were not
      listed in Account Settings
    * APOP authentication unsupported when connecting to POP3 server
    * OpenPGP key discovery failed
    * POP accounts hosted by AOL were not able to authenticate using OAuth2
    * Unable to open context menu in newsgroups header for groups
      that are not subscribed
* Thu Sep 08 2022 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 102.2.2
    https://www.thunderbird.net/en-US/thunderbird/102.2.2/releasenotes/
    * Setting added to change Calendar event double-click action to
      open Edit Event dialog rather than view only;
      Set calendar.events.defaultActionEdit to true
    * Running Compact Folders on maildir folders caused a redownload
      of all messages in the folder
    * Accessing mail folders in profiles with many folders was slow
    * SMTP servers were not always properly initialized, and were not
      listed in Account Settings
    * APOP authentication unsupported when connecting to POP3 server
    * OpenPGP key discovery failed
    * POP accounts hosted by AOL were not able to authenticate using OAuth2
    * Unable to open context menu in newsgroups header for groups
      that are not subscribed
* Thu Sep 01 2022 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 102.2.1
    MFSA 2022-38 (bsc#1203007)
    * CVE-2022-3033 (bmo#1784838)
      Leaking of sensitive information when composing a response to
      an HTML email with a META refresh tag
    * CVE-2022-3032 (bmo#1783831)
      Remote content specified in an HTML document that was nested
      inside an iframe's srcdoc attribute was not blocked
    * CVE-2022-3034 (bmo#1745751)
      An iframe element in an HTML email could trigger a network
      request
    * CVE-2022-36059 (bmo#1787741)
      Matrix SDK bundled with Thunderbird vulnerable to denial-of-
      service attack
* Fri Aug 19 2022 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 102.2.0
    * https://www.thunderbird.net/en-US/thunderbird/102.2.0/releasenotes/
    MFSA 2022-36 (bsc#1202645)
    * CVE-2022-38472 (bmo#1769155)
      Address bar spoofing via XSLT error handling
    * CVE-2022-38473 (bmo#1771685)
      Cross-origin XSLT Documents would have inherited the parent's
      permissions
    * CVE-2022-38476 (bmo#1760998)
      Data race and potential use-after-free in PK11_ChangePW
    * CVE-2022-38477 (bmo#1760611, bmo#1770219, bmo#1771159, bmo#1773363)
      Memory safety bugs fixed in Thunderbird 102.2
    * CVE-2022-38478 (bmo#1770630, bmo#1776658)
      Memory safety bugs fixed in Thunderbird 102.2, and
      Thunderbird 91.13
  - disabled automatic usage of wayland because of known issues
    using MOZ_ENABLE_WAYLAND=1 in environment would still enable it
    (boo#1202606)
* Sun Aug 14 2022 Wolfgang Rosenauer <wr@rosenauer.org>
  - added mozilla-glibc236.patch (bmo#1782988, boo#1202323)
* Tue Aug 09 2022 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 102.1.2
    * fix for bmo#1777765 (no POP download progress bar) was backed
      out from this release to address broken POP message download
      with Fetch headers only selected in Account Settings (bmo#1783552)
* Mon Aug 08 2022 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 102.1.1
    Bugfixes:
    * https://www.thunderbird.net/en-US/thunderbird/102.1.1/releasenotes/
* Tue Jul 26 2022 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 102.1.0
    * https://www.thunderbird.net/en-US/thunderbird/102.1.0/releasenotes
    MFSA 2022-32 (bsc#1201758)
    * CVE-2022-36319 (bmo#1737722)
      Mouse Position spoofing with CSS transforms
    * CVE-2022-36318 (bmo#1771774)
      Directory indexes for bundled resources reflected URL parameters
    * CVE-2022-36314 (bmo#1773894)
      Opening local <code>.lnk</code> files could cause unexpected
      network loads
    * CVE-2022-2505 (bmo#1769739, bmo#1772824)
      Memory safety bugs fixed in Thunderbird 102.1
  - added mozilla-newer-cbindgen.patch to fix build with
    rust-cbindgen >= 0.24 (and also require that for build)
  - added mozilla-pgo.patch to fix LTO builds with gcc
* Tue Jul 19 2022 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 102.0.3
    Bugfixes as in
    * https://www.thunderbird.net/en-US/thunderbird/102.0.3/releasenotes/
* Sat Jul 09 2022 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 102.0.2
    * https://www.thunderbird.net/en-US/thunderbird/102.0/releasenotes/
  - removed obsolete patches
    mozilla-bmo1504834-part2.patch
    mozilla-bmo1504834-part4.patch
    mozilla-bmo1602730.patch
    mozilla-bmo1626236.patch
    mozilla-bmo1724679.patch
    mozilla-disable-wasm-emulate-arm-unaligned-fp-access.patch
    mozilla-sandbox-fips.patch
  - added patches inherited from FF 102
    one_swizzle_to_rule_them_all.patch
    svg-rendering.patch
  - fix KDE detection (boo#1200987) in mozilla-kde.patch
  - requires
    rust = 1.60
    NSPR >= 4.34
    NSS >= 3.79
    rust-cbindgen >= 0.23.0
  - remove special breakpad debug symbol creation
* Sun Jun 26 2022 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 91.11.0
    * CLIENTID fix for bmo#1759197 in Thunderbird 91.8.1 did not work
      additional fix applied
    * "Save-As" attachment dialog did not have filename pre-populated
    MFSA 2022-26 (bsc#1200793)
    * CVE-2022-34479 (bmo#1745595)
      A popup window could be resized in a way to overlay the
      address bar with web content
    * CVE-2022-34470 (bmo#1765951)
      Use-after-free in nsSHistory
    * CVE-2022-34468 (bmo#1768537)
      CSP sandbox header without `allow-scripts` can be bypassed
      via retargeted javascript: URI
    * CVE-2022-2226 (bmo#1775441)
      An email with a mismatching OpenPGP signature date was
      accepted as valid
    * CVE-2022-34481 (bmo#1497246)
      Potential integer overflow in ReplaceElementsAt
    * CVE-2022-31744 (bmo#1757604)
      CSP bypass enabling stylesheet injection
    * CVE-2022-34472 (bmo#1770123)
      Unavailable PAC file resulted in OCSP requests being blocked
    * CVE-2022-34478 (bmo#1773717)
      Microsoft protocols can be attacked if a user accepts a prompt
    * CVE-2022-2200 (bmo#1771381)
      Undesired attributes could be set as part of prototype pollution
    * CVE-2022-34484 (bmo#1763634, bmo#1772651)
      Memory safety bugs fixed in Thunderbird 91.11 and Thunderbird 102
* Thu May 26 2022 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 91.10.0
    * Various UX and theme improvements
    MFSA 2022-22 (bsc#1200027)
    * CVE-2022-31736 (bmo#1735923)
      Cross-Origin resource's length leaked
    * CVE-2022-31737 (bmo#1743767)
      Heap buffer overflow in WebGL
    * CVE-2022-31738 (bmo#1756388)
      Browser window spoof using fullscreen mode
    * CVE-2022-31739 (bmo#1765049)
      Attacker-influenced path traversal when saving downloaded
      files
    * CVE-2022-31740 (bmo#1766806)
      Register allocation problem in WASM on arm64
    * CVE-2022-31741 (bmo#1767590)
      Uninitialized variable leads to invalid memory read
    * CVE-2022-1834 (bmo#1767816)
      Braille space character caused incorrect sender email to be
      shown for a digitally signed email
    * CVE-2022-31742 (bmo#1730434)
      Querying a WebAuthn token with a large number of
      allowCredential entries may have leaked cross-origin
      information
    * CVE-2022-31747 (bmo#1760765, bmo#1765610, bmo#1766283,
      bmo#1767365, bmo#1768559, bmo#1768734)
      Memory safety bugs fixed in Thunderbird 91.10
* Sat May 21 2022 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 91.9.1
    MFSA 2022-19 (bsc#1199768)
    * CVE-2022-1802 (bmo#1770137)
      Prototype pollution in Top-Level Await implementation
    * CVE-2022-1529 (bmo#1770048)
      Untrusted input used in JavaScript object indexing, leading
      to prototype pollution
* Mon May 02 2022 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 91.9.0
    * A warning is now displayed if an OpenPGP key has unsafe
      attributes that are ignored
    * OpenPGP integration in Thunderbird 91.8.0 and 91.8.1 did not
      allow SHA-1 key signatures
    * CalDAV calendars were marked read-only on startup
    MFSA 2022-18 (bsc#1198970)
    * CVE-2022-1520 (bmo#1745019)
      Incorrect security status shown after viewing an attached
      email
    * CVE-2022-29914 (bmo#1746448)
      Fullscreen notification bypass using popups
    * CVE-2022-29909 (bmo#1755081)
      Bypassing permission prompt in nested browsing contexts
    * CVE-2022-29916 (bmo#1760674)
      Leaking browser history with CSS variables
    * CVE-2022-29911 (bmo#1761981)
      iframe sandbox bypass
    * CVE-2022-29912 (bmo#1692655)
      Reader mode bypassed SameSite cookies
    * CVE-2022-29913 (bmo#1764778)
      Speech Synthesis feature not properly disabled
    * CVE-2022-29917 (bmo#1684739, bmo#1706441, bmo#1753298,
      bmo#1762614, bmo#1762620)
      Memory safety bugs fixed in Thunderbird 91.9
* Sat Apr 16 2022 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 91.8.1
    * CLIENTID extension to SMTP was not supported by smtp-js#
    * Additional SMTP errors now propagated to user
    * OpenPGP was not able to use some previously supported key types
    * OpenPGP Key Manager did not always display correct information
      after importing additional IDs
    * Duplicate new mail notifications could be displayed when
      server-side filters were in use
    * Cancelling an SMTP password entry resulted in multiple failure
      dialogs being displayed
* Tue Apr 12 2022 Martin Liška <mliska@suse.cz>
  - Set memory limits for DWZ to 4x.
* Sat Apr 02 2022 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 91.8.0
    * Google accounts using password authentication will be migrated
      to OAuth2.
    * bugfixes
      https://www.thunderbird.net/en-US/thunderbird/91.8.0/releasenotes
    MFSA 2022- (bsc#1197903)
  - update create-tar.sh
* Thu Mar 17 2022 Dirk Müller <dmueller@suse.com>
  - skip slow workers, this is a tough build job
* Sun Mar 06 2022 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 91.7.0
    * Thunderbird will use the first occurrence of headers that should
      only appear once
    * Auto-complete incorrectly changed a pasted email address to the
      primary address of a contact
    * Attachments with filename extensions that were not registered in
      MIME types could not be opened
    * Copy/Cut/Paste actions not working in Thunderbird Preferences
    * Improved screen reader support of displayed message headers
    MFSA 2022-12 (bsc#1196900)
    * CVE-2022-26383 (bmo#1742421)
      Browser window spoof using fullscreen mode
    * CVE-2022-26384 (bmo#1744352)
      iframe allow-scripts sandbox bypass
    * CVE-2022-26387 (bmo#1752979)
      Time-of-check time-of-use bug when verifying add-on signatures
    * CVE-2022-26381 (bmo#1736243)
      Use-after-free in text reflows
    * CVE-2022-26386 (bmo#1752396)
      Temporary files downloaded to /tmp and accessible by other
      local users
* Sun Mar 06 2022 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 91.6.2
    MFSA 2022-09
    * CVE-2022-26485 (bmo#1758062)
      Use-after-free in XSLT parameter processing
    * CVE-2022-26486 (bmo#1758070)
      Use-after-free in WebGPU IPC Framework
* Tue Feb 15 2022 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 91.6.1
    * generated views of meeting invitations are now expanded by default
    * Emails were not downloading at startup under some conditions
    * Port numbers were not shown in "Confirm Security Exception"
      dialog for CalDAV connections
    MFSA 2022-07 (bsc#1196072)
    * CVE-2022-0566 (bmo#1753094)
      Crafted email could trigger an out-of-bounds write
* Sat Feb 05 2022 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 91.6.0
    * TB will now offer to send large forwarded attachments via FileLink
    * Partially signed unencrypted messages displayed an incorrect
      "parrtially encrypted" notification
    * Attachments filenames were not sanitized before saving to disk
    * In the attachment bar, the "Import OpenPGP Key" item displayed
      for public keys displayed an error and did not import the key
    * "Open with" attachment dialog did not have a selected radio
      button option
    MFSA 2022-06 (bsc#1195682)
    * CVE-2022-22753 (bmo#1732435)
      Privilege Escalation to SYSTEM on Windows via Maintenance
      Service
    * CVE-2022-22754 (bmo#1750565)
      Extensions could have bypassed permission confirmation during
      update
    * CVE-2022-22756 (bmo#1317873)
      Drag and dropping an image could have resulted in the dropped
      object being an executable
    * CVE-2022-22759 (bmo#1739957)
      Sandboxed iframes could have executed script if the parent
      appended elements
    * CVE-2022-22760 (bmo#1740985, bmo#1748503)
      Cross-Origin responses could be distinguished between script
      and non-script content-types
    * CVE-2022-22761 (bmo#1745566)
      frame-ancestors Content Security Policy directive was not
      enforced for framed extension pages
    * CVE-2022-22763 (bmo#1740534)
      Script Execution during invalid object state
    * CVE-2022-22764 (bmo#1742682, bmo#1744165, bmo#1746545,
      bmo#1748210, bmo#1748279)
      Memory safety bugs fixed in Thunderbird 91.6
  - do not use ccache by default
  - removed obsolete mozilla-bmo1745560.patch
* Sat Jan 22 2022 Manfred Hollstein <manfred.h@gmx.net>
  - Mozilla Thunderbird 91.5.1
    * JS LDAP implementation did not support self-signed SSL certificates
    * After saving a draft and subsequently sending a FileLink email,
      the original file was removed from disk
    * Chat OTR encryption did not work
    * OTR verification bar was not removed after completing verification
    * Various theme improvements
* Thu Jan 20 2022 Martin Liška <mliska@suse.cz>
  - Enable -fimplicit-constexpr for GCC 12+.
* Fri Jan 07 2022 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 91.5.0
    https://www.thunderbird.net/en-US/thunderbird/91.5.0/releasenotes
    MFSA 2022-03 (bsc#1194547)
    * CVE-2022-22746 (bmo#1735071)
      Calling into reportValidity could have lead to fullscreen
      window spoof
    * CVE-2022-22743 (bmo#1739220)
      Browser window spoof using fullscreen mode
    * CVE-2022-22742 (bmo#1739923)
      Out-of-bounds memory access when inserting text in edit mode
    * CVE-2022-22741 (bmo#1740389)
      Browser window spoof using fullscreen mode
    * CVE-2022-22740 (bmo#1742334)
      Use-after-free of ChannelEventQueue::mOwner
    * CVE-2022-22738 (bmo#1742382)
      Heap-buffer-overflow in blendGaussianBlur
    * CVE-2022-22737 (bmo#1745874)
      Race condition when playing audio files
    * CVE-2021-4140 (bmo#1746720)
      Iframe sandbox bypass with XSLT
    * CVE-2022-22748 (bmo#1705211)
      Spoofed origin on external protocol launch dialog
    * CVE-2022-22745 (bmo#1735856)
      Leaking cross-origin URLs through securitypolicyviolation event
    * CVE-2022-22744 (bmo#1737252)
      The 'Copy as curl' feature in DevTools did not fully escape
      website-controlled data, potentially leading to command injection
    * CVE-2022-22747 (bmo#1735028)
      Crash when handling empty pkcs7 sequence
    * CVE-2022-22739 (bmo#1744158)
      Missing throttling on external protocol launch dialog
    * CVE-2022-22751 (bmo#1664149, bmo#1737816, bmo#1739366,
      bmo#1740274, bmo#1740797, bmo#1741201, bmo#1741869, bmo#1743221,
      bmo#1743515, bmo#1745373, bmo#1746011)
      Memory safety bugs fixed in Thunderbird 91.5
* Tue Dec 28 2021 Bjørn Lie <bjorn.lie@gmail.com>
  - Add mozilla-bmo1745560.patch: Fix build against wayland 1.20.
* Fri Dec 17 2021 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 91.4.1
    * several fixes as outlined here
      https://www.thunderbird.net/en-US/thunderbird/91.4.1/releasenotes/
    MFSA 2021-55 (bsc#1193845)
    * CVE-2021-4126 (bmo#1732310)
      OpenPGP signature status doesn't consider additional message
      content
    * CVE-2021-44538 (bmo#1744056)
      Matrix chat library libolm bundled with Thunderbird
      vulnerable to a buffer overflow
  - updated _constraints
* Thu Dec 02 2021 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 91.4.0
    * several fixes as outlined here
      https://www.thunderbird.net/en-US/thunderbird/91.4.0/releasenotes
    MFSA 2021-54 (bsc#1193485)
    * CVE-2021-43536 (bmo#1730120)
      URL leakage when navigating while executing asynchronous
      function
    * CVE-2021-43537 (bmo#1738237)
      Heap buffer overflow when using structured clone
    * CVE-2021-43538 (bmo#1739091)
      Missing fullscreen and pointer lock notification when
      requesting both
    * CVE-2021-43539 (bmo#1739683)
      GC rooting failure when calling wasm instance methods
    * CVE-2021-43541 (bmo#1696685)
      External protocol handler parameters were unescaped
    * CVE-2021-43542 (bmo#1723281)
      XMLHttpRequest error codes could have leaked the existence of
      an external protocol handler
    * CVE-2021-43543 (bmo#1738418)
      Bypass of CSP sandbox directive when embedding
    * CVE-2021-43545 (bmo#1720926)
      Denial of Service when using the Location API in a loop
    * CVE-2021-43546 (bmo#1737751)
      Cursor spoofing could overlay user interface when native
      cursor is zoomed
    * CVE-2021-43528 (bmo#1742579)
      JavaScript unexpectedly enabled for the composition area
    * MOZ-2021-0009 (bmo#1393362, bmo#1736046, bmo#1736751,
      bmo#1737009, bmo#1739372, bmo#1739421)
      Memory safety bugs fixed in Thunderbird 91.4.0
* Thu Nov 25 2021 Bjørn Lie <bjorn.lie@gmail.com>
  - Drop unused libidl-devel BuildRequires.
* Sat Nov 20 2021 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 91.3.2
    * Date selection in Calendar print settings widget changed to use
      mini calendar widget
    * OpenPGP: Botan updated to 2.18.2; addresses CVE-2021-40529
      boo#1189244
    * Bugfixes as outlined in release notes
      https://www.thunderbird.net/en-US/thunderbird/91.3.2/releasenotes/
* Sat Nov 13 2021 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 91.3.1
    * OpenPGP public keys will no longer count as an attachment in
      the message list
    * Adding a search engine via URL now supported
    * FileLink messages' template updated; Thunderbird advertisement
      removed
    * After an update, Thunderbird will now check installed addons
      for updates
    * Bugfixes as outlined in release notes
      https://www.thunderbird.net/en-US/thunderbird/91.3.1/releasenotes/
* Sun Oct 31 2021 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 91.3.0
    * several fixes as outlined here
      https://www.thunderbird.net/en-US/thunderbird/91.3.0/releasenotes/
    MFSA 2021-50  (bsc#1192250)
    * CVE-2021-38503 (bmo#1729517)
      iframe sandbox rules did not apply to XSLT stylesheets
    * CVE-2021-38504 (bmo#1730156)
      Use-after-free in file picker dialog
    * CVE-2021-38505 (bmo#1730194)
      Windows 10 Cloud Clipboard may have recorded sensitive user data
    * CVE-2021-38506 (bmo#1730750)
      Thunderbird could be coaxed into going into fullscreen mode
      without notification or warning
    * CVE-2021-38507 (bmo#1730935)
      Opportunistic Encryption in HTTP2 could be used to bypass the
      Same-Origin-Policy on services hosted on other ports
    * MOZ-2021-0008 (bmo#1667102)
      Use-after-free in HTTP2 Session object
    * CVE-2021-38508 (bmo#1366818)
      Permission Prompt could be overlaid, resulting in user
      confusion and potential spoofing
    * CVE-2021-38509 (bmo#1718571)
      Javascript alert box could have been spoofed onto an
      arbitrary domain
    * CVE-2021-38510 (bmo#1731779)
      Download Protections were bypassed by .inetloc files on Mac OS
    * MOZ-2021-0007 (bmo#1606864, bmo#1712671, bmo#1730048,
      bmo#1735152)
      Memory safety bugs fixed in Thunderbird ESR 91.3
  - Drop unused pkgconfig(gdk-x11-2.0) BuildRequires
* Fri Oct 22 2021 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 91.2.1
    * Preference added to disable automatic pausing RSS feed updates
      after a fetch failure
    * several bugfixes as outlined in release notes
      https://www.thunderbird.net/en-US/thunderbird/91.2.1/releasenotes/
* Fri Oct 22 2021 Guillaume GARDET <guillaume.gardet@opensuse.org>
  - Increase memory required per threads for aarch64 to avoid OOM
* Thu Oct 21 2021 Martin Liška <mliska@suse.cz>
  - Enable LTO on Tumbleweed.
* Fri Oct 15 2021 Wolfgang Rosenauer <wr@rosenauer.org>
  - add mozilla-bmo1724679.patch (bmo#1724679, boo#1182863)
    fix some env variables which are enabled for any value
* Mon Oct 04 2021 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 91.2.0
    * Saving a single message as .eml now uses a unique filename
    * New mail notifications did not properly take subfolders into account
    * Decrypting binary attachments when using an external GnuPG
      configuration failed
    * Account name fields in the account manager were not big enough
      for long names
    * LDAP searches using an extensibleMatch filter returned no results
    * Read-only CalDAV calendars and CardDAV address books were not detected
    * Multipart messages containing a calendar invite did not display
      any of the human-readable alternatives
    * Some calendar days were displayed incorrectly or duplicated
      (eg. two "29th" days of a particular month)
    * Phantom event was shown at the end of each day in Calendar week view
    MFSA 2021-46 (bsc#1191332)
    * CVE-2021-38496 (bmo#1725335)
      Use-after-free in MessageTask
    * CVE-2021-38497 (bmo#1726621)
      Validation message could have been overlaid on another origin
    * CVE-2021-38498 (bmo#1729642)
      Use-after-free of nsLanguageAtomService object
    * CVE-2021-32810 (bmo#1729813,
      https://github.com/crossbeam-
      rs/crossbeam/security/advisories/GHSA-pqqp-xmhj-wgcw)
      Data race in crossbeam-deque
    * CVE-2021-38500 (bmo#1725854, bmo#1728321)
      Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15,
      and Firefox ESR 91.2
    * CVE-2021-38501 (bmo#1685354, bmo#1715755, bmo#1723176)
      Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2
* Sun Sep 26 2021 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 91.1.2
    * Thunderbird will now warn if an S/MIME encrypted message includes
      BCC recipients
    * several bugfixes listed on
      https://www.thunderbird.net/en-US/thunderbird/91.1.2/releasenotes/
* Wed Sep 15 2021 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 91.1.1
    * Menu item for disabling subject encryption for a single message added
    * Printing messages that are not currently displayed is no longer
      supported, including printing multiple messages at once
    * for bugfixes see
      https://www.thunderbird.net/en-US/thunderbird/91.1.1/releasenotes
  - MOZ_ENABLE_WAYLAND env variable now overrides automatic detection
    if already set before startup
* Thu Sep 02 2021 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 91.1.0
    * Thunderbird registered Accessibility Handlers using same GUIDs
      as Firefox, causing performance issues for NVDA users
    * Focus lost when reordering accounts by keyboard in the Account Manager
    * Account setup did not use provider display name for setting up
      calendars
    * Various theme and UX fixes
    MFSA 2021-41 (bsc#1190269)
    * CVE-2021-38492 (bmo#1721107)
      Navigating to `mk:` URL scheme could load Internet Explorer
    * CVE-2021-38495 (bmo#1723391, bmo#1723920, bmo#1724101,
      bmo#1724107)
      Memory safety bugs fixed in Thunderbird 91.1
  - (re-)added mozilla-silence-no-return-type.patch
  - add mozilla-bmo531915.patch to fix build for i586
* Fri Aug 27 2021 Andreas Stieger <andreas.stieger@gmx.de>
  - Mozilla Thunderbird 91.0.3:
    * fixed: Folder icons could be overridden by linked favicons in
      HTML messages
    * fixed: Unified folders showed no messages when underlying
      folders were removed
    * fixed: Folder pane toolbar did not always persist after
      restarting Thunderbird
    * fixed: Compose window attachment pane did not close when
      disabling signing of an OpenPGP message
    * fixed: Using "Reply to List" with some list emails
      incorrectly opened a "no-reply" warning
    * fixed: Account setup UX issues with Exchange autodiscover
    * fixed: Account settings did not display non-UTF-8 server
      descriptions correctly
    * fixed: Thunderbird sometimes sent an unnecessary "SMTPUTF8",
      causing some servers to reject mail
    * fixed: No mouseover pop was displayed with event details for
      non-all-day events in the Today Pane
    * fixed: Filtering tasks in the Today Pane did not work
    * fixed: Email based event scheduling displayed the date and
      time in a format unreadable by humans
* Fri Aug 27 2021 Andreas Stieger <andreas.stieger@gmx.de>
  - Mozilla Thunderbird 91.0.2:
    * new: Tags are now colored in mail filter editor
    * changed: Context menu items related to OpenPGP and
      attachments are now hidden when not applicable
    * fixed: Creating a new account with manual setup failed
    * fixed: Recipient autocomplete always preferred the primary
      email address for a contact
    * fixed: LDAP performance improvements
    * fixed: Extensions listed on the Recommended Addons did not
      have a clear way to view details in a browser
    * fixed: Status checkmark on View > Calendar > Calendar Pane >
      Show Calendar Pane was reversed
    * fixed: mid: URLs in calendar invites did not open the linked
      mail message
    * fixed: Various theme and UX fixes
* Tue Aug 17 2021 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 91.0.1
    MFSA 2021-37 (bsc#1189547)
    * CVE-2021-29991 (bmo#1724896)
      Header Splitting possible with HTTP/3 Responses
  - appdate screenshot URL updated (by mailaender@opensuse.org)
* Sun Aug 15 2021 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 91.0
    * based on Mozilla's 91 ESR codebase
    * many new and changed features
      https://www.thunderbird.net/en-US/thunderbird/91.0/releasenotes/#whatsnew
    * Renamed "Add-ons" to "Add-ons and Themes" and "Options" to "Preferences"
    * Thunderbird now operates in multi-process (e10s) mode by default
    * New user interface for adding attachments
    * Enable redirect of messages
    * CardDAV address book support
  - Removed obsolete patches:
    * mozilla-bmo1463035.patch
    * mozilla-ppc-altivec_static_inline.patch
    * mozilla-pipewire-0-3.patch
    * mozilla-bmo1554971.patch
  - add mozilla-libavcodec58_91.patch
  - removed obsolete BigEndian ICU build workaround
  - updated build requirements
  - build using clang
* Thu Aug 05 2021 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 78.13.0
    * removed WeTransfer integration package (not supported by vendor
      any longer)
    MFSA 2021-35 (bsc#1188891)
    * CVE-2021-29986 (bmo#1696138)
      Race condition when resolving DNS names could have led to
      memory corruption
    * CVE-2021-29988 (bmo#1717922)
      Memory corruption as a result of incorrect style treatment
    * CVE-2021-29984 (bmo#1720031)
      Incorrect instruction reordering during JIT optimization
    * CVE-2021-29980 (bmo#1722204)
      Uninitialized memory in a canvas object could have led to
      memory corruption
    * CVE-2021-29985 (bmo#1722083)
      Use-after-free media channels
    * CVE-2021-29989 (bmo#1662676, bmo#1666184, bmo#1719178,
      bmo#1719998, bmo#1720568)
      Memory safety bugs fixed in Thunderbird 78.13
* Wed Jul 14 2021 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 78.12.0
    MFSA 2021-30 (bsc#1188275)
    * CVE-2021-29969 (bmo#1682370)
      IMAP server responses sent by a MITM prior to STARTTLS could be
      processed
    * CVE-2021-29970 (bmo#1709976)
      Use-after-free in accessibility features of a document
    * CVE-2021-30547 (bmo#1715766)
      Out of bounds write in ANGLE
    * CVE-2021-29976 (bmo#1700895, bmo#1703334, bmo#1706910,
      bmo#1711576, bmo#1714391)
      Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12
* Sat May 29 2021 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 78.11.0
    * OpenPGP could not be disabled for an account if a key was
      previously configured
    * Recipients were unable to decrypt some messages when the sender
      had changed the message encryption from OpenPGP to S/MIME
    * Contacts moved between CardDAV address books were not synced to
      the new server
    * CardDAV compatibility fixes for Google Contacts
    MFSA 2021-26 (bsc#1186696)
    * CVE-2021-29964 (bmo#1706501)
      Out of bounds-read when parsing a `WM_COPYDATA` message
    * CVE-2021-29967 (bmo#1602862, bmo#1703191, bmo#1703760,
      bmo#1704722, bmo#1706041)
      Memory safety bugs fixed in Thunderbird 78.11
  - renewed expired mozilla.keyring
* Fri May 14 2021 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 78.10.2
    * Added support for importing OpenPGP keys without a primary
      secret key
    * Add-ons manager displays a preferences icon for mail extensions
      that include an options page
    Fixed
    * OpenPGP messages with a high compression ratio (over 10x) could
      not be decrypted
    * Selected OpenPGP key was lost after opening the Key Properties
      dialog in Account Settings
    * Parsing some OpenPGP user IDs failed
    * Various improvements to OpenPGP partial encryption reminders
    * Mail toolbar buttons were too big when displaying both icons
      and text
    MFSA 2021-22
    * CVE-2021-29956 (boo#1186199, bmo#1710290)
      Thunderbird stored OpenPGP secret keys without master password
      protection
    * CVE-2021-29957 (boo#1186198, bmo#1673241)
      Partial protection of inline OpenPGP message not indicated
  - do not rely on nodejs10 explicitely
* Tue May 04 2021 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 78.10.1
    * Remove the fix for bmo#1689804 introduced in 78.9.0,
      restoring the previous behavior
    * MFSA 2021-19 (bsc#1185633) does not affect this platform
* Sun Apr 18 2021 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 78.10.0
    MFSA 2021-14 (bsc#1184960)
    * CVE-2021-23994 (bmo#1699077)
      Out of bound write due to lazy initialization
    * CVE-2021-23995 (bmo#1699835)
      Use-after-free in Responsive Design Mode
    * CVE-2021-23998 (bmo#1667456)
      Secure Lock icon could have been spoofed
    * CVE-2021-23961 (bmo#1677940)
      More internal network hosts could have been probed by a
      malicious webpage
    * CVE-2021-23999 (bmo#1691153)
      Blob URLs may have been granted additional privileges
    * CVE-2021-24002 (bmo#1702374)
      Arbitrary FTP command execution on FTP servers using an
      encoded URL
    * CVE-2021-29945 (bmo#1700690)
      Incorrect size computation in WebAssembly JIT could lead to
      null-reads
    * CVE-2021-29946 (bmo#1698503)
      Port blocking could be bypassed
    * CVE-2021-29948 (bmo#1692899)
      Race condition when reading from disk while verifying
      signatures
  - recommend libotr5
* Sat Apr 10 2021 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 78.9.1
    * Support recipient aliases for OpenPGP encryption
    * The key and signature parts of the message security popup on a
      received message could not be selected for copy/paste
    * Various UX and theme improvements
    MFSA 2021-13
    * CVE-2021-23991 (bmo#1673240)
      An attacker may use Thunderbird's OpenPGP key refresh mechanism
      to poison an existing key
    * MOZ-2021-23992 (bmo#1666236)
      A crafted OpenPGP key with an invalid user ID could be used to
      confuse the user
    * CVE-2021-23993 (bmo#1666360)
      Inability to send encrypted OpenPGP email after importing a
      crafted OpenPGP key
* Sat Mar 20 2021 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 78.9.0
    * bugfixes:
      https://www.thunderbird.net/en-US/thunderbird/78.9.0/releasenotes
    MFSA 2021-12 (boo#1183942)
    * CVE-2021-23981 (bmo#1692832)
      Texture upload into an unbound backing buffer resulted in an
      out-of-bound read
    * MOZ-2021-0002 (bmo#1691547)
      Angle graphics library out of date
    * CVE-2021-23982 (bmo#1677046)
      Internal network hosts could have been probed by a malicious
      webpage
    * CVE-2021-23984 (bmo#1693664)
      Malicious extensions could have spoofed popup information
    * CVE-2021-23987 (bmo#1513519, bmo#1683439, bmo#1690169, bmo#1690718)
      Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9
  - cleaned up and fixed mozilla.sh.in for wayland (boo#1177542)
* Sun Mar 07 2021 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 78.8.1
    * several bugfixes and improvements
    * https://www.thunderbird.net/en-US/thunderbird/78.8.1/releasenotes/
  - updated create-tar.sh (bsc#1182357)
* Fri Feb 19 2021 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 78.8.0
    * various bugfixes
    MFSA 2021-09 (bsc#1182614)
    * CVE-2021-23969 (bmo#1542194)
      Content Security Policy violation report could have contained
      the destination of a redirect
    * CVE-2021-23968 (bmo#1687342)
      Content Security Policy violation report could have contained
      the destination of a redirect
    * CVE-2021-23973 (bmo#1690976)
      MediaError message property could have leaked information
      about cross-origin resources
    * CVE-2021-23978 (bmo#786797, bmo#1682928, bmo#1687391,
      bmo#1687597)
      Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8
* Fri Feb 05 2021 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 78.7.1
    * CardDAV address books now support OAuth2 and Google Contacts
    * Thunderbird will no longer allow installation of addons that
      use legacy APIs
* Tue Jan 26 2021 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 78.7.0
    MFSA 2021-05 (bsc#1181414)
    * CVE-2021-23953 (bmo#1683940)
      Cross-origin information leakage via redirected PDF requests
    * CVE-2021-23954 (bmo#1684020)
      Type confusion when using logical assignment operators in
      JavaScript switch statements
    * CVE-2020-15685 (bmo#1622640)
      IMAP Response Injection when using STARTTLS
    * CVE-2020-26976 (bmo#1674343)
      HTTPS pages could have been intercepted by a registered
      service worker when they should not have been
    * CVE-2021-23960 (bmo#1675755)
      Use-after-poison for incorrectly redeclared JavaScript
      variables during GC
    * CVE-2021-23964 (bmo#1662507, bmo#1666285, bmo#1673526,
      bmo#1674278, bmo#1674835, bmo#1675097, bmo#1675844,
      bmo#1675868, bmo#1677590, bmo#1677888, bmo#1680410,
      bmo#1681268, bmo#1682068, bmo#1682938, bmo#1683736,
      bmo#1685260, bmo#1685925)
      Memory safety bugs fixed in Thunderbird 78.7
* Sun Jan 24 2021 Manfred Hollstein <manfred.h@gmx.net>
  - MozillaThunderbird.spec: Don't abuse BUILDROOT during %build as newer
    rpm versions in TW remove everything there as the first action
    of %install
* Mon Jan 11 2021 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 78.6.1
    MFSA 2021-02 (bsc#1180623)
    * CVE-2020-16044 (bmo#1683964)
      Use-after-free write when handling a malicious COOKIE-ECHO SCTP
      chunk
* Sat Dec 12 2020 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 78.6.0
    * changes and additions in MailExtensions
    * several bugfixes
    * https://www.thunderbird.net/en-US/thunderbird/78.6.0/releasenotes/
    MFSA 2020-56 (bsc#1180039))
    * CVE-2020-16042 (bmo#1679003)
      Operations on a BigInt could have caused uninitialized memory
      to be exposed
    * CVE-2020-26971 (bmo#1663466)
      Heap buffer overflow in WebGL
    * CVE-2020-26973 (bmo#1680084)
      CSS Sanitizer performed incorrect sanitization
    * CVE-2020-26974 (bmo#1681022)
      Incorrect cast of StyleGenericFlexBasis resulted in a heap
      use-after-free
    * CVE-2020-26978 (bmo#1677047)
      Internal network hosts could have been probed by a malicious
      webpage
    * CVE-2020-35111 (bmo#1657916)
      The proxy.onRequest API did not catch view-source URLs
    * CVE-2020-35112 (bmo#1661365)
      Opening an extension-less download may have inadvertently
      launched an executable instead
    * CVE-2020-35113 (bmo#1664831, bmo#1673589)
      Memory safety bugs fixed in Thunderbird 78.6
* Tue Dec 01 2020 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 78.5.1
    MFSA 2020-53 (bsc#1179530)
    * CVE-2020-26970 (bmo#1677338)
      Stack overflow due to incorrect parsing of SMTP server response codes
* Mon Nov 16 2020 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 78.5.0
    MFSA 2020-52 (bsc#1178894)
    * CVE-2020-26951 (bmo#1667113)
      Parsing mismatches could confuse and bypass security
      sanitizer for chrome privileged code
    * CVE-2020-16012 (bmo#1642028)
      Variable time processing of cross-origin images during
      drawImage calls
    * CVE-2020-26953 (bmo#1656741)
      Fullscreen could be enabled without displaying the security
      UI
    * CVE-2020-26956 (bmo#1666300)
      XSS through paste (manual and clipboard API)
    * CVE-2020-26958 (bmo#1669355)
      Requests intercepted through ServiceWorkers lacked MIME type
      restrictions
    * CVE-2020-26959 (bmo#1669466)
      Use-after-free in WebRequestService
    * CVE-2020-26960 (bmo#1670358)
      Potential use-after-free in uses of nsTArray
    * CVE-2020-15999 (bmo#1672223)
      Heap buffer overflow in freetype
    * CVE-2020-26961 (bmo#1672528)
      DoH did not filter IPv4 mapped IP Addresses
    * CVE-2020-26965 (bmo#1661617)
      Software keyboards may have remembered typed passwords
    * CVE-2020-26966 (bmo#1663571)
      Single-word search queries were also broadcast to local
      network
    * CVE-2020-26968 (bmo#1551615, bmo#1607762, bmo#1656697,
      bmo#1657739, bmo#1660236, bmo#1667912, bmo#1671479,
      bmo#1671923)
      Memory safety bugs fixed in Thunderbird 78.5
  - removed obsolete mozilla-rust-1.47.patch
* Wed Nov 11 2020 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 78.4.3
    https://www.thunderbird.net/en-US/thunderbird/78.4.3/releasenotes/
  - added mozilla-rust-1.47.patch to fix build with rust 1.47
* Mon Nov 09 2020 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 78.4.2
    MFSA 2020-49
    * CVE-2020-26950 (bmo#1675905)
      Write side effects in MCallGetProperty opcode not accounted for
* Thu Nov 05 2020 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 78.4.1
    * Bugfixes and minor features
      https://www.thunderbird.net/en-US/thunderbird/78.4.1/releasenotes/
* Tue Oct 20 2020 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 78.4.0
    * MailExtensions: browser.tabs.sendMessage API added
    * MailExtensions: messageDisplayScripts API added
    * Yahoo and AOL mail users using password authentication will be
      migrated to OAuth2
    * MailExtensions: messageDisplay APIs extended to support multiple
      selected messages
    * MailExtensions: compose.begin functions now support creating a
      message with attachments
    * multiple bugfixes
    MFSA 2020-47 (bsc#1177872)
    * CVE-2020-15969 (bmo#1666570)
      Use-after-free in usersctp
    * CVE-2020-15683 (bmo#1576843, bmo#1656987, bmo#1660954, bmo#1662760,
      bmo#1663439, bmo#1666140)
      Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4
* Thu Oct 15 2020 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 78.3.3
    * OpenPGP: Improved support for encrypting with subkeys
    * OpenPGP message status icons were not visible in message header pane
    * OpenPGP Key Manager was missing from Tools menu on macOS
    * Creating a new calendar event did not require an event title
  - remove python2 dependencies for TW
  - support wayland mode/autodetection in startup wrapper
  - replace some Requires to use requires_ge macro where appropriate
  - improve langpack build (as already used for Firefox)
  - add ccache statistics output to build
* Wed Oct 07 2020 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 78.3.2
    * OpenPGP: Improved support for encrypting with subkeys
    * OpenPGP: Encrypted messages with international characters were
      sometimes displayed incorrectly
    * Single-click deletion of recipient pills with middle mouse
      button restored
    * Searching an address book list did not display results
    * Dark mode, high contrast, and Windows theming fixes
* Fri Sep 25 2020 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 78.3.1
    * fix crash in nsImapProtocol::CreateNewLineFromSocket (bmo#1667120)
* Wed Sep 23 2020 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 78.3.0
    MFSA 2020-44 (bsc#1176756)
    * CVE-2020-15677 (bmo#1641487)
      Download origin spoofing via redirect
    * CVE-2020-15676 (bmo#1646140)
      XSS when pasting attacker-controlled data into a
      contenteditable element
    * CVE-2020-15678 (bmo#1660211)
      When recursing through layers while scrolling, an iterator
      may have become invalid, resulting in a potential use-after-
      free scenario
    * CVE-2020-15673 (bmo#1648493, bmo#1660800)
      Memory safety bugs fixed in Thunderbird 78.3
  - requires NSPR >= 4.25.1
  - removed obsolete thunderbird-bmo1664607.patch
* Sun Sep 13 2020 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 78.2.2
    https://www.thunderbird.net/en-US/thunderbird/78.2.2/releasenotes
  - added thunderbird-bmo1664607.patch required for builds w/o updater
    (boo#1176384)
* Mon Aug 31 2020 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 78.2.1
    * based on Mozilla's 78 ESR codebase
    * many new and changed features
      https://www.thunderbird.net/en-US/thunderbird/78.0/releasenotes/#whatsnew
    * built-in OpenPGP support (enigmail neither required nor supported)
  - added platform patches:
    * mozilla-s390x-skia-gradient.patch
    * mozilla-pipewire-0-3.patch
    * mozilla-bmo1512162.patch
    * mozilla-bmo1626236.patch
    * mozilla-bmo998749.patch
    * mozilla-sandbox-fips.patch
  - removed obsolete platform patches
    * mozilla-s390-bigendian.patch
    * mozilla-nestegg-big-endian.patch
    * mozilla-openaes-decl.patch
    * mozilla-cubeb-noreturn.patch
* Sun Aug 30 2020 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 68.12.0
    MFSA 2020-40 (bsc#1175686)
    * CVE-2020-15663 (bmo#1643199)
      Downgrade attack on the Mozilla Maintenance Service could have
      resulted in escalation of privilege
    * CVE-2020-15664 (bmo#1658214)
      Attacker-induced prompt for extension installation
    * CVE-2020-15669 (bmo#1656957)
      Use-After-Free when aborting an operation
* Fri Aug 28 2020 Michel Normand <normand@linux.vnet.ibm.com>
  - Put back %limit_build macro usage to avoid build error PowerPC
    (remove memoryperjob constraint)
* Thu Aug 20 2020 Martin Liška <mliska@suse.cz>
  - Use memoryperjob constraint instead of %limit_build macro.
* Sat Aug 01 2020 Andreas Stieger <andreas.stieger@gmx.de>
  - Mozilla Thunderbird 68.11.0
    * fixed: FileLink attachments included as a link and file when
      added from a network drive via drag & drop (bmo#793118)
    MFSA 2020-35 (bsc#1174538)
    * CVE-2020-15652 (bmo#1634872)
      Potential leak of redirect targets when loading scripts in a
      worker
    * CVE-2020-6514 (bmo#1642792)
      WebRTC data channel leaks internal address to peer
    * CVE-2020-6463 (bmo#1635293)
      Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture
    * CVE-2020-15659 (bmo#1550133, bmo#1633880, bmo#1646787,
      bmo#1650811)
      Memory safety bugs fixed in Thunderbird 68.11
* Wed Jul 01 2020 Andreas Stieger <andreas.stieger@gmx.de>
  - Mozilla Thunderbird 68.10.0
    * fixed: Chat: Topics displayed some characters improperly
      (bmo#1644024)
    * fixed: Calendar: Filtering tasks did not work when
      "Incomplete Tasks" was selected (bmo#1593711)
    MFSA 2020-26 (bsc#1173576)
    * CVE-2020-12417 (bmo#1640737)
      Memory corruption due to missing sign-extension for ValueTags
      on ARM64
    * CVE-2020-12418 (bmo#1641303)
      Information disclosure due to manipulated URL object
    * CVE-2020-12419 (bmo#1643874)
      Use-after-free in nsGlobalWindowInner
    * CVE-2020-12420 (bmo#1643437)
      Use-After-Free when trying to connect to a STUN server
    * MFSA-2020-0001 (bmo#1606610)
      Automatic account setup leaks Microsoft Exchange login
      credentials
    * CVE-2020-12421 (bmo#1308251)
      Add-On updates did not respect the same certificate trust
      rules as software updates
* Thu Jun 11 2020 Wolfgang Rosenauer <wr@rosenauer.org>
  - build with nodejs10 to be able to drop nodejs8 from TW
  - updated create-tar.sh
* Sat Jun 06 2020 Andreas Stieger <andreas.stieger@gmx.de>
  - Mozilla Thunderbird 68.9.0
    * fixed: Custom headers added for searching or filtering could
      not be removed (bmo#1631577)
    * fixed: Calendar: Today Pane updated prior to loading all data
      (bmo#1635613)
    * fixed: Stability improvements (bmo#1625677)
    MFSA 2020-22 (bsc#1172402)
    * CVE-2020-12405 (bmo#1631618)
      Use-after-free in SharedWorkerService
    * CVE-2020-12406 (bmo#1639590)
      JavaScript Type confusion with NativeTypes
    * CVE-2020-12410 (bmo#1619305, bmo#1632717)
      Memory safety bugs fixed in Thunderbird 68.9.0
    * CVE-2020-12398 (bmo#1613623)
      Security downgrade with IMAP STARTTLS leads to information
      leakage
* Sun May 24 2020 Andreas Stieger <andreas.stieger@gmx.de>
  - Mozilla Thunderbird 68.8.1
    * fixed: IMAP stability improvements (bmo#1586494)
    * fixed: HTML tags in IRC topic changes were rendered
      incorrectly (bmo#1607097)
    * fixed: MailExtensions: Websockets could not be used
      (bmo#1627649)
* Tue May 05 2020 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 68.8.0
    * Account Manager fixes and improvements
    * https://www.thunderbird.net/en-US/thunderbird/68.8.0/releasenotes
    MFSA 2020-18 (bsc#1171186)
    * CVE-2020-12397 (bmo#1617370)
      Sender Email Address Spoofing using encoded Unicode characters
    * CVE-2020-12387 (bmo#1545345)
      Use-after-free during worker shutdown
    * CVE-2020-6831 (bmo#1632241)
      Buffer overflow in SCTP chunk input validation
    * CVE-2020-12392 (bmo#1614468)
      Arbitrary local file access with 'Copy as cURL'
    * CVE-2020-12393 (bmo#1615471)
      Devtools' 'Copy as cURL' feature did not fully escape
      website-controlled data, potentially leading to command injection
    * CVE-2020-12395 (bmo#1595886, bmo#1611482, bmo#1614704, bmo#1624098,
      bmo#1625749, bmo#1626382, bmo#1628076, bmo#1631508)
      Memory safety bugs fixed in Thunderbird 68.8.0
  - removed obsolete patch mozilla-bmo1580963.patch
* Tue May 05 2020 Ismail Dönmez <idonmez@suse.com>
  - Add mozilla-bmo1580963.patch to fix build with rust 1.43
    (bmo#1580963)
* Thu Apr 09 2020 Andreas Stieger <andreas.stieger@gmx.de>
  - Mozilla Thunderbird 68.7.0
    * Updates to MailExtensions API
    * Various improvements to account setup when connecting to an
      Exchange server
    * Thread collapsed when opening news message in a new window
    * Fix Addons not automatically updated to compatible version after
      upgrade from Thunderbird 60
    * Updating addons did not prompt when requesting new permissions
    * Extra recipients panel not keyboard-accessible
    * Accessibility: Status bar was not detected by screenreaders
    * Calendar: Invitations with embedded null bytes did not always decode correctly
    * Calendar: Cancelled events didn't show with a line-through
    * Various security fixes
    MFSA 2020-14
    In general, these flaws cannot be exploited through email in
    Thunderbird because scripting is disabled when reading mail, but
    are potentially risks in browser or browser-like contexts.
    * CVE-2020-6819 (bmo#1620818, bsc#1168630)
      Use-after-free while running the nsDocShell destructor
    * CVE-2020-6820 (bmo#1626728, bsc#1168630)
      Use-after-free when handling a ReadableStream
    * CVE-2020-6821 (bmo#1625404, bsc#1168874)
      Uninitialized memory could be read when using the WebGL
      copyTexSubImage method
    * CVE-2020-6822 (bmo#1544181, bsc#1168874)
      Out of bounds write in GMPDecodeData when processing large images
    * CVE-2020-6825 (bmo#1572541,bmo#1620193,bmo#1620203,bsc#1168874)
      Memory safety bugs fixed in Thunderbird 68.7.0
* Sat Mar 14 2020 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 68.6.0
    MFSA 2020-10 (bsc#1166238)
    * CVE-2020-6805 (bmo#1610880)
      Use-after-free when removing data about origins
    * CVE-2020-6806 (bmo#1612308)
      BodyStream::OnInputStreamReady was missing protections against
      state confusion
    * CVE-2020-6807 (bmo#1614971)
      Use-after-free in cubeb during stream destruction
    * CVE-2020-6811 (bmo#1607742)
      Devtools' 'Copy as cURL' feature did not fully escape
      website-controlled data, potentially leading to command injection
    * CVE-2019-20503 (bmo#1613765)
      Out of bounds reads in sctp_load_addresses_from_init
    * CVE-2020-6812 (bmo#1616661)
      The names of AirPods with personally identifiable information
      were exposed to websites with camera or microphone permission
    * CVE-2020-6814 (bmo#1592078, bmo#1604847, bmo#1608256, bmo#1612636,
      bmo#1614339)
      Memory safety bugs fixed in Thunderbird 68.6
  - requires NSS >= 3.44.3
* Mon Feb 10 2020 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 68.5.0
    New
    * Support for Client Identity IMAP/SMTP Service Extension
    * Support for OAuth 2.0 authentication for POP3 accounts
    Fixes
    * Status area goes blank during account setup
    * Calendar: Could not remove color for default categories
    * Calendar: Prevent calendar component loading multiple times
    * Calendar: Today pane did not retain width between sessions
    MFSA 2020-07 (bsc#1163368)
    * CVE-2020-6793 (bmo#1608539)
      Out-of-bounds read when processing certain email messages
    * CVE-2020-6794 (bmo#1606619)
      Setting a master password post-Thunderbird 52 does not delete
      unencrypted previously stored passwords
    * CVE-2020-6795 (bmo#1611105)
      Crash processing S/MIME messages with multiple signatures
    * CVE-2020-6797 (bmo#1596668) (Mac OSX only)
      Extensions granted downloads.open permission could open arbitrary
      applications on Mac OSX
    * CVE-2020-6798 (bmo#1602944)
      Incorrect parsing of template tag could result in JavaScript injection
    * CVE-2020-6792 (bmo#1609607)
      Message ID calculcation was based on uninitialized data
    * CVE-2020-6800 (bmo#1595786,bmo#1596706,bmo#1598543,bmo#1604851,
      bmo#1608580,bmo#1608785,bmo#1605777)
      Memory safety bugs fixed in Thunderbird 68.5
* Tue Jan 28 2020 Stasiek Michalski <stasiek@michalski.cc>
  - Use a symbolic icon from branding internals
* Fri Jan 24 2020 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 68.4.2
    * Calendar: Task and Event tree colours adjusted for the dark theme
    * Retrieval of S/MIME certificates from LDAP failed
    * Address-parsing crash on some IMAP servers when
      mail.imap.use_envelope_cmd is set
    * Incorrect forwarding of HTML messages caused SMTP servers to
      respond with a timeout
    * Calendar: Various parts of the calendar UI stopped working when
      a second Thunderbird window opened
* Fri Jan 10 2020 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 68.4.1
    * Various improvements when setting up an account for a Microsoft
      Exchange server: Now offers IMAP/SMTP if available, better
      detection for Office 365 accounts; re-run configuration after
      password change
    Fixes:
    * After changing view layout, the message display pane showed
      garbled content under some circumstances
    * Various theme changes to achieve "pixel perfection": Unread icon,
      "no results" icon, paragraph format and font selector, background
      of folder summary tooltip
    * Tags were lost on messages in shared IMAP folders under some
      circumstances
    * Calendar: Event attendee dialog was not displayed correctly
    MFSA 2020-04 (bsc#1160498, bsc#1160305)
    * CVE-2019-17026 (bmo#1607443)
      IonMonkey type confusion with StoreElementHole and FallibleStoreElement
    * CVE-2019-17015 (bmo#1599005)
      Memory corruption in parent process during new content process
      initialization on Windows
    * CVE-2019-17016 (bmo#1599181)
      Bypass of @namespace CSS sanitization during pasting
    * CVE-2019-17017 (bmo#1603055)
      Type Confusion in XPCVariant.cpp
    * CVE-2019-17021 (bmo#1599008)
      Heap address disclosure in parent process during content process
      initialization on Windows
    * CVE-2019-17022 (bmo#1602843)
      CSS sanitization does not escape HTML tags
    * CVE-2019-17024 (bmo#1507180, bmo#1595470, bmo#1598605, bmo#1601826)
      Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4
  - removed obsolete patch mozilla-bmo1511604.patch
  - added mozilla-bmo1602730.patch to fix LE<->BE issues in the
    platform (bmo#1602730)
* Fri Dec 27 2019 Wolfgang Rosenauer <wr@rosenauer.org>
  - add mozilla-bmo1583471.patch to allow building with rust 1.39
* Fri Dec 20 2019 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 68.3.1
    * In dark theme unread messages no longer shown in blue to
      distinguish from tagged messages
    * Account setup is now using client side DNS MX lookup instead of
      relying on a server
    Bugfixes
    * Searching LDAP address book crashed in some circumstances
    * Message navigation with backward and forward buttons did not work
      in some circumstances
    * WebExtension toolbar icons were displayed too small
    * Calendar: Tasks due today were not listed in bold
    * Calendar: Last day of long-running events was not shown
* Thu Dec 05 2019 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 68.3.0:
    * Message display toolbar action WebExtension API
    * Navigation buttons are now available in content tabs, for example
      those opened via an add-on search
    * other bugfixes
    MFSA 2019-38
    * CVE-2019-17008 (bmo#1546331)
      Use-after-free in worker destruction
    * CVE-2019-13722 (bmo#1580156)
      Stack corruption due to incorrect number of arguments in WebRTC code
    * CVE-2019-17010 (bmo#1581084)
      Use-after-free when performing device orientation checks
    * CVE-2019-17005 (bmo#1584170)
      Buffer overflow in plain text serializer
    * CVE-2019-17011 (bmo#1591334)
      Use-after-free when retrieving a document in antitracking
    * CVE-2019-17012 (bmo#1449736, bmo#1533957, bmo#1560667, bmo#1567209,
      bmo#1580288, bmo#1585760, bmo#1592502)
      Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3
    * Various updates to improve performance and stability
  - updated create-tar.sh to cover buildid and origin repo information
  - changed locale building procedure
    * removed obsolete compare-locales.tar.xz and
      thunderbird-broken-locales-build.patch
  - add mozilla-bmo849632.patch to fix color issues on big endian
* Sat Nov 09 2019 Andreas Stieger <andreas.stieger@gmx.de>
  - Mozilla Thunderbird 68.2.2:
    * fix age calculation in address book (bmo#1592536)
    * fix column menu behavior in address book (bmo#1592393)
* Fri Nov 01 2019 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 68.2.1
    * A language for the user interface can now be chosen in the
      advanced settings (multilingual UI)
    * Fixed problem with Google authentication (OAuth2)
    * Selected or unread messages were not shown in the correct color
      in the thread pane (message list) under some circumstances
    * When using a language pack, names of standard folders weren't
      localized (boo#1149126)
    * Address book default startup directory in preferences panel was
      not persisted
    * Chat: Extended context menu on Instant messaging status dialog
      (Show Accounts)
  - added mozilla-bmo1504834-part4.patch to fix some visual issues on
    big endian platforms
* Tue Oct 22 2019 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 68.2.0
    * Message Display WebExtension API
    * Message Search WebExtension API
    * Better visual feedback for unread messages when using the dark theme
    * Fixed various issues when editing mailing list
    * Fixed application windows not maintaining their size after restart
    MFSA 2019-33 (bsc#1154738)
    * CVE-2019-15903 (bmo#1584907)
      Heap overflow in expat library in XML_GetCurrentLineNumber
    * CVE-2019-11757 (bmo#1577107)
      Use-after-free when creating index updates in IndexedDB
    * CVE-2019-11758 (bmo#1536227)
      Potentially exploitable crash due to 360 Total Security
    * CVE-2019-11759 (bmo#1577953)
      Stack buffer overflow in HKDF output
    * CVE-2019-11760 (bmo#1577719)
      Stack buffer overflow in WebRTC networking
    * CVE-2019-11761 (bmo#1561502)
      Unintended access to a privileged JSONView object
    * CVE-2019-11762 (bmo#1582857)
      document.domain-based origin isolation has same-origin-property violation
    * CVE-2019-11763 (bmo#1584216)
      Incorrect HTML parsing results in XSS bypass technique
    * CVE-2019-11764 (bmo#1558522, bmo#1577061, bmo#1548044, bmo#1571223,
      bmo#1573048, bmo#1578933, bmo#1575217, bmo#1583684, bmo#1586845,
      bmo#1581950, bmo#1583463, bmo#1586599)
      Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2
  - removed obsolete patches
      mozilla-bmo1573381.patch
      mozilla-bmo1512162.patch
      mozilla-bmo1585099.patch
* Thu Oct 10 2019 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 68.1.2
    Bugfixes
    * Some attachments couldn't be opened in messages originating from
      MS Outlook 2016
    * Address book import from CSV
    * Performance problem in message body search
    * Ctrl+Enter to send a message would open an attachment if the
      attachment pane had focus
    * Calendar: Issues with "Today Pane" start-up
    * Calendar: Glitches with custom repeat and reminder number input
    * Calendar: Problems with WCAP provider
  - add mozilla-bmo1585099.patch to fix build with rust >= 1.38
* Wed Sep 25 2019 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 68.1.1
    Bugfixes
    * Issues with attachments in IMAP messages
    * Gmail accounts ignored a non-standard trash folder selection
    * Entering/pasting lists of recipients into the addressing widget or
      mailing list not working reliably, especially when lists contained
      multiple commas or semicolons
    * Edit mailing list not working
    * Various theme fixes, especially dark theme improvements for Calendar
    * Contrast between tag label and background not optimal
    * Account Central pane always loaded at start-up
    * "Config Editor" button not removed if blocked by policy
    * Calendar: Free/busy information in attendees dialog not scrolled
      correctly. Note: Scroll arrows still not behaving correctly
    MFSA 2019-32
    * CVE-2019-11755 (bmo#1240290, boo#1152375)
      Spoofing a message author via a crafted S/MIME message
  - require nodejs8 instead of generic nodejs for better cross-distribution
    support
  - call desktop database update on install
  - updated translations-other locale list
  - build correct ICU for Big Endian
  - remove kde.js since disabling instantApply breaks extensions and
    is obsolete with the move to HTML views for preferences (boo#1151186)
  - update create-tar.sh to latest revision and adjust tar_stamps
  - added platform patches from Firefox 68esr
    mozilla-bmo1005535.patch
    mozilla-bmo1463035.patch
    mozilla-bmo1504834-part1.patch
    mozilla-bmo1504834-part2.patch
    mozilla-bmo1504834-part3.patch
    mozilla-bmo1511604.patch
    mozilla-bmo1554971.patch
    mozilla-bmo1573381.patch
    mozilla-cubeb-noreturn.patch
    mozilla-disable-wasm-emulate-arm-unaligned-fp-access.patch
    mozilla-fix-aarch64-libopus.patch
    mozilla-fix-top-level-asm.patch
    mozilla-nestegg-big-endian.patch
    mozilla-ntlm-full-path.patch
    mozilla-openaes-decl.patch
    mozilla-ppc-altivec_static_inline.patch
    mozilla-reduce-rust-debuginfo.patch
    mozilla-s390-bigendian.patch
    mozilla-s390-context.patch
    mozilla-bmo1512162.patch
    thunderbird-broken-locales-build.patch
  - removed renamed patches
    fix-missing-return-warning.patch
    fix-top-level-asm-issue.patch
    thunderbird-locale-build.patch
* Fri Sep 20 2019 munix9@googlemail.com
  - repack the lightning xpi with all available locales (boo#939153) (lp#545778)
* Fri Sep 20 2019 Martin Liška <mliska@suse.cz>
  - Add fix-top-level-asm-issue.patch in order to fix LTO build.
  - Enable LTO on TW on x86_64.
  - Use GCC.
* Fri Sep 20 2019 Bernhard Wiedemann <bwiedemann@suse.com>
  - added mozilla-bmo1568145.patch to make builds reproducible (boo#1047218)
* Tue Sep 10 2019 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 68.1.0
    * Offer to configure Exchange accounts for Office365. A third-party
      add-on is required for this account type. IMAP still exists as
      alternative.
    * several bugfixes
    MFSA 2019-30
    * CVE-2019-11739 (bmo#1571481, boo#1150939)
      Covert Content Attack on S/MIME encryption using a crafted
      multipart/alternative message
    * CVE-2019-11746 (bmo#1564449, boo#1149297)
      Use-after-free while manipulating video
    * CVE-2019-11744 (bmo#1562033, boo#1149304)
      XSS by breaking out of title and textarea elements using innerHTML
    * CVE-2019-11742 (bmo#1559715, boo#1149303)
      Same-origin policy violation with SVG filters and canvas to steal
      cross-origin images
    * CVE-2019-11752 (bmo#1501152, boo#1149296)
      Use-after-free while extracting a key value in IndexedDB
    * CVE-2019-11743 (bmo#1560495, boo#1149298)
      Cross-origin access to unload event attributes
    * CVE-2019-11740 (bmo#1563133,bmo#1573160, boo#1149299)
      Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox
      ESR 60.9, Thunderbird 68.1, and Thunderbird 60.9
  - removed upstreamed fix-build-after-y2038-changes-in-glibc.patch
  - added thunderbird-locale-build.patch to fix locale build
* Fri Aug 30 2019 Manfred Hollstein <manfred.h@gmx.net>
  - Add -L flag to the stat call for checking file size of %{SOURCE4}.
  - Add fix-missing-return-warning.patch to silence a compiler warning.
* Wed Aug 28 2019 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 68.0
    * based on Firefox ESR 68
    * File link attachments can now be linked to again instead of
      uploading them again
    * Mark all folders of an account as read
    * Run filters periodically. Improved filter logging
    * OAuth2 authentication for Yandex
    * Language packs can now be selected in the Advanced Options.
      Preference intl.multilingual.enabled needs to be set (and possily
      also extensions.langpacks.signatures.required needs to be set to false)
    * Added a policy engine that allows customized Thunderbird deployments
      in enterprise environments, using Windows Group Policy or a
      cross-platform JSON file
    * TCP keepalive for IMAP protocol
    * Full Unicode support for MAPI interfaces: New support for MAPISendMailW
    * Calendar: Time zone data can now include past and future changes.
      All known time zone changes from 2018 to 2022 are included.
    * Chat: In each conversation an individual spellcheck language can
      be selected now
  - removed obsolete patches
    * mozilla-bmo1463035.patch
    * mozilla-i586-domPrefs.patch
    * mozilla-bmo1464766.patch
    * mozilla-bmo1519629.patch
    * mozilla-i586-DecoderDoctorLogger.patch
    * mozilla-bmo1375074.patch
  - added fix-build-after-y2038-changes-in-glibc.patch to fix build
    in Tumbleweed (patch already upstream for next release)
* Thu Aug 01 2019 Tristan Miller <psychonaut@nothingisreal.com>
  - Update package summary, description, and AppData using more informative
    and up-to-date text from the official Thunderbird FAQ, replacing obsolete
    references to the Mozilla Application Suite and Thunderbird's relation to
    the Mozilla organization
* Wed Jul 10 2019 Bernhard Wiedemann <bwiedemann@suse.com>
  - Generate langpacks sequentially to avoid file corruption
    from racy file writes (boo#1137970)
* Mon Jul 08 2019 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 60.8.0
    * Calendar: Problems when editing event times, some related to
      AM/PM setting in non-English locales
    MFSA 2019-23   (boo#1140868)
    * CVE-2019-9811 (bmo#1538007, bmo#1539598, bmo#1563327)
      Sandbox escape via installation of malicious languagepack
    * CVE-2019-11711 (bmo#1552541)
      Script injection within domain through inner window reuse
    * CVE-2019-11712 (bmo#1543804)
      Cross-origin POST requests can be made with NPAPI plugins by
      following 308 redirects
    * CVE-2019-11713 (bmo#1528481)
      Use-after-free with HTTP/2 cached stream
    * CVE-2019-11729 (bmo#1515342)
      Empty or malformed p256-ECDH public keys may trigger a segmentation fault
    * CVE-2019-11715 (bmo#1555523)
      HTML parsing error can contribute to content XSS
    * CVE-2019-11717 (bmo#1548306)
      Caret character improperly escaped in origins
    * CVE-2019-11719 (bmo#1540541)
      Out-of-bounds read when importing curve25519 private key
    * CVE-2019-11730 (bmo#1558299)
      Same-origin policy treats all files in a directory as having the
      same-origin
    * CVE-2019-11709 (bmo#1547266, bmo#1540759, bmo#1548822, bmo#1550498
      bmo#1515052, bmo#1539219, bmo#1547757, bmo#1550498, bmo#1533522)
      Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8 and
      Thunderbird 60.8
* Thu Jun 20 2019 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 60.7.2
    MFSA 2019-20 (boo#1138872)
    * CVE-2019-11707 (bmo#1544386)
      Type confusion in Array.pop
    * CVE-2019-11708 (bmo#1559858)
      sandbox escape using Prompt:Open
* Wed Jun 12 2019 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 60.7.1
    * fixed: No prompt for smartcard PIN when S/MIME signing is used
    MFSA 2019-17 (boo#1137595)
    * CVE-2019-11703 (bmo#1553820)
      Heap buffer overflow in icalparser.c
    * CVE-2019-11704 (bmo#1553814)
      Heap buffer overflow in icalvalue.c
    * CVE-2019-11705 (bmo#1553808)
      Stack buffer overflow in icalrecur.c
    * CVE-2019-11706 (bmo#1555646)
      Type confusion in icalproperty.c
* Sat Jun 08 2019 Aaron Puchert <aaronpuchert@alice-dsl.net>
  - Increase disk space requirements in _constraints.
* Fri May 24 2019 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 60.7.0
    * Attachment pane of Write window no longer focussed when attaching
      files using a keyboard shortcut
    MFSA 2019-15 (boo#1135824)
    * CVE-2019-9815 (bmo#1546544)
      Disable hyperthreading on content JavaScript threads on macOS
    * CVE-2019-9816 (bmo#1536768)
      Type confusion with object groups and UnboxedObjects
    * CVE-2019-9817 (bmo#1540221)
      Stealing of cross-domain images using canvas
    * CVE-2019-9818 (bmo#1542581) (Windows only)
      Use-after-free in crash generation server
    * CVE-2019-9819 (bmo#1532553)
      Compartment mismatch with fetch API
    * CVE-2019-9820 (bmo#1536405)
      Use-after-free of ChromeEventHandler by DocShell
    * CVE-2019-11691 (bmo#1542465)
      Use-after-free in XMLHttpRequest
    * CVE-2019-11692 (bmo#1544670)
      Use-after-free removing listeners in the event listener manager
    * CVE-2019-11693 (bmo#1532525)
      Buffer overflow in WebGL bufferdata on Linux
    * CVE-2019-7317 (bmo#1542829)
      Use-after-free in png_image_free of libpng library
    * CVE-2019-9797 (bmo#1528909)
      Cross-origin theft of images with createImageBitmap
    * CVE-2018-18511 (bmo#1526218)
      Cross-origin theft of images with ImageBitmapRenderingContext
    * CVE-2019-11694 (bmo#1534196) (Windows only)
      Uninitialized memory memory leakage in Windows sandbox
    * CVE-2019-11698 (bmo#1543191)
      Theft of user history data through drag and drop of hyperlinks
      to and from bookmarks
    * CVE-2019-5798 (bmo#1535518)
      Out-of-bounds read in Skia
    * CVE-2019-9800 (bmo#1540166, bmo#1534593, bmo#1546327, bmo#1540136,
      bmo#1538736, bmo#1538042, bmo#1535612, bmo#1499719, bmo#1499108,
      bmo#1538619, bmo#1535194, bmo#1516325, bmo#1542324, bmo#1542097,
      bmo#1532465, bmo#1533554, bmo#1541580)
      Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7
* Wed Apr 24 2019 Martin Liška <mliska@suse.cz>
  - Disable LTO (boo#1133267).
* Sat Mar 30 2019 Manfred Hollstein <manfred.h@gmx.net>
  - Add patch to fix build using rust-1.33: (boo#1130694)
    * mozilla-bmo1519629.patch (bmo#1519629)
* Mon Mar 25 2019 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 60.6.1
    MFSA 2019-12 (bsc#1130262)
    * CVE-2019-9810 (bmo#1537924)
      IonMonkey MArraySlice has incorrect alias information
    * CVE-2019-9813 (bmo#1538006)
      Ionmonkey type confusion with __proto__ mutations
* Wed Mar 20 2019 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 60.6.0
    * Calendar: Can't create repeating event with end date when using
      certain time zones, for example Europe/Minsk
    * some minor bugfixes
    * using 60.6.0esr Mozilla platform (bsc#1129821)
* Thu Mar 07 2019 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 60.5.3
    * fixed a regression on the Windows platform:
      Problem when using "Send to > Mail recipient" on Windows
* Sun Feb 24 2019 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 60.5.2
    * UTF-8 support for MAPISendMail
    * Problem with S/MIME certificate verification when receiving email
      from Outlook (issue introduced in version 60.5.1)
* Thu Feb 14 2019 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 60.5.1
    * CalDav access to some servers not working
    MFSA 2019-06 (bsc#1125330)
    * CVE-2018-18356 bmo#1525817
      Use-after-free in Skia
    * CVE-2019-5785 bmo#1525433
      Integer overflow in Skia
    * CVE-2018-18335 bmo#1525815
      Buffer overflow in Skia with accelerated Canvas 2D
    * CVE-2018-18509 bmo#1507218
      S/MIME signature spoofing
* Fri Jan 25 2019 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Thunderbird 60.5.0:
    * FileLink provider WeTransfer to upload large attachments
    * Thunderbird now allows the addition of OpenSearch search engines
      from a local XML file using a minimal user inferface: [+] button
      to select a file an add, [-] to remove.
    * More search engines: Google and DuckDuckGo available by default
      in some locales
    * During account creation, Thunderbird will now detect servers
      using the Microsoft Exchange protocol. It will offer the
      installation of a 3rd party add-on (Owl) which supports that
      protocol.
    * Thunderbird now compatible with other WebExtension-based
      FileLink add-ons like the Dropbox add-on
    MFSA 2019-03 (bsc#1122983)
    * CVE-2018-18500 bmo#1510114
      Use-after-free parsing HTML5 stream
    * CVE-2018-18505 bmo#1497749
      Privilege escalation through IPC channel messages
    * CVE-2016-5824 bmo#1275400
      DoS (use-after-free) via a crafted ics file
    * CVE-2018-18501 bmo#1512450 bmo#1517542 bmo#1513201 bmo#1460619
      bmo#1502871 bmo#1516738 bmo#1516514
      Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5
  - requires NSS 3.36.7
  - removed obsolete patch
    mozilla-no-stdcxx-check.patch
  - rebased patches

Files

/usr/lib/thunderbird/extensions
/usr/lib/thunderbird/extensions/langpack-af@thunderbird.mozilla.org.xpi
/usr/lib/thunderbird/extensions/langpack-ast@thunderbird.mozilla.org.xpi
/usr/lib/thunderbird/extensions/langpack-be@thunderbird.mozilla.org.xpi
/usr/lib/thunderbird/extensions/langpack-bg@thunderbird.mozilla.org.xpi
/usr/lib/thunderbird/extensions/langpack-br@thunderbird.mozilla.org.xpi
/usr/lib/thunderbird/extensions/langpack-cak@thunderbird.mozilla.org.xpi
/usr/lib/thunderbird/extensions/langpack-cy@thunderbird.mozilla.org.xpi
/usr/lib/thunderbird/extensions/langpack-dsb@thunderbird.mozilla.org.xpi
/usr/lib/thunderbird/extensions/langpack-en-CA@thunderbird.mozilla.org.xpi
/usr/lib/thunderbird/extensions/langpack-es-MX@thunderbird.mozilla.org.xpi
/usr/lib/thunderbird/extensions/langpack-et@thunderbird.mozilla.org.xpi
/usr/lib/thunderbird/extensions/langpack-eu@thunderbird.mozilla.org.xpi
/usr/lib/thunderbird/extensions/langpack-fy-NL@thunderbird.mozilla.org.xpi
/usr/lib/thunderbird/extensions/langpack-ga-IE@thunderbird.mozilla.org.xpi
/usr/lib/thunderbird/extensions/langpack-gd@thunderbird.mozilla.org.xpi
/usr/lib/thunderbird/extensions/langpack-gl@thunderbird.mozilla.org.xpi
/usr/lib/thunderbird/extensions/langpack-he@thunderbird.mozilla.org.xpi
/usr/lib/thunderbird/extensions/langpack-hr@thunderbird.mozilla.org.xpi
/usr/lib/thunderbird/extensions/langpack-hsb@thunderbird.mozilla.org.xpi
/usr/lib/thunderbird/extensions/langpack-hy-AM@thunderbird.mozilla.org.xpi
/usr/lib/thunderbird/extensions/langpack-id@thunderbird.mozilla.org.xpi
/usr/lib/thunderbird/extensions/langpack-is@thunderbird.mozilla.org.xpi
/usr/lib/thunderbird/extensions/langpack-ka@thunderbird.mozilla.org.xpi
/usr/lib/thunderbird/extensions/langpack-kab@thunderbird.mozilla.org.xpi
/usr/lib/thunderbird/extensions/langpack-kk@thunderbird.mozilla.org.xpi
/usr/lib/thunderbird/extensions/langpack-lt@thunderbird.mozilla.org.xpi
/usr/lib/thunderbird/extensions/langpack-lv@thunderbird.mozilla.org.xpi
/usr/lib/thunderbird/extensions/langpack-ms@thunderbird.mozilla.org.xpi
/usr/lib/thunderbird/extensions/langpack-nn-NO@thunderbird.mozilla.org.xpi
/usr/lib/thunderbird/extensions/langpack-pa-IN@thunderbird.mozilla.org.xpi
/usr/lib/thunderbird/extensions/langpack-rm@thunderbird.mozilla.org.xpi
/usr/lib/thunderbird/extensions/langpack-ro@thunderbird.mozilla.org.xpi
/usr/lib/thunderbird/extensions/langpack-sk@thunderbird.mozilla.org.xpi
/usr/lib/thunderbird/extensions/langpack-sl@thunderbird.mozilla.org.xpi
/usr/lib/thunderbird/extensions/langpack-sq@thunderbird.mozilla.org.xpi
/usr/lib/thunderbird/extensions/langpack-sr@thunderbird.mozilla.org.xpi
/usr/lib/thunderbird/extensions/langpack-th@thunderbird.mozilla.org.xpi
/usr/lib/thunderbird/extensions/langpack-tr@thunderbird.mozilla.org.xpi
/usr/lib/thunderbird/extensions/langpack-uk@thunderbird.mozilla.org.xpi
/usr/lib/thunderbird/extensions/langpack-uz@thunderbird.mozilla.org.xpi
/usr/lib/thunderbird/extensions/langpack-vi@thunderbird.mozilla.org.xpi


Generated by rpm2html 1.8.1

Fabrice Bellet, Wed Oct 5 23:21:27 2022