* fix crash in nsImapProtocol::CreateNewLineFromSocket (bmo#1667120)
- Mozilla Thunderbird 78.3.0
MFSA 2020-44 (bsc#1176756)
* CVE-2020-15677 (bmo#1641487)
Download origin spoofing via redirect
* CVE-2020-15676 (bmo#1646140)
XSS when pasting attacker-controlled data into a
contenteditable element
* CVE-2020-15678 (bmo#1660211)
When recursing through layers while scrolling, an iterator
may have become invalid, resulting in a potential use-after-
free scenario
* CVE-2020-15673 (bmo#1648493, bmo#1660800)
Memory safety bugs fixed in Thunderbird 78.3
- requires NSPR >= 4.25.1
- removed obsolete thunderbird-bmo1664607.patch
- Mozilla Thunderbird 78.2.2
https://www.thunderbird.net/en-US/thunderbird/78.2.2/releasenotes
- added thunderbird-bmo1664607.patch required for builds w/o updater
(boo#1176384)
- Mozilla Thunderbird 78.2.1
* based on Mozilla's 78 ESR codebase
* many new and changed features
https://www.thunderbird.net/en-US/thunderbird/78.0/releasenotes/#whatsnew
* built-in OpenPGP support (enigmail neither required nor supported)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=549
Bugfixes
* Issues with attachments in IMAP messages
* Gmail accounts ignored a non-standard trash folder selection
* Entering/pasting lists of recipients into the addressing widget or
mailing list not working reliably, especially when lists contained
multiple commas or semicolons
* Edit mailing list not working
* Various theme fixes, especially dark theme improvements for Calendar
* Contrast between tag label and background not optimal
* Account Central pane always loaded at start-up
* "Config Editor" button not removed if blocked by policy
* Calendar: Free/busy information in attendees dialog not scrolled
correctly. Note: Scroll arrows still not behaving correctly
- require nodejs8 instead of generic nodejs for better cross-distribution
support
- call desktop database update on install
- updated translations-other locale list
- build correct ICU for Big Endian
- remove kde.js since disabling instantApply breaks extensions and
is obsolete with the move to HTML views for preferences (boo#1151186)
- update create-tar.sh to latest revision and adjust tar_stamps
- added platform patches from Firefox 68esr
mozilla-bmo1005535.patch
mozilla-bmo1463035.patch
mozilla-bmo1504834-part1.patch
mozilla-bmo1504834-part2.patch
mozilla-bmo1504834-part3.patch
mozilla-bmo1511604.patch
mozilla-bmo1554971.patch
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=490
add-on is required for this account type. IMAP still exists as
alternative.
* several bugfixes
MFSA 2019-30
* CVE-2019-11739 (bmo#1571481)
Covert Content Attack on S/MIME encryption using a crafted
multipart/alternative message
* CVE-2019-11746 (bmo#1564449)
Use-after-free while manipulating video
* CVE-2019-11744 (bmo#1562033)
XSS by breaking out of title and textarea elements using innerHTML
* CVE-2019-11742 (bmo#1559715)
Same-origin policy violation with SVG filters and canvas to steal
* CVE-2019-11752 (bmo#1501152)
Use-after-free while extracting a key value in IndexedDB
* CVE-2019-11743 (bmo#1560495)
Cross-origin access to unload event attributes
* CVE-2019-11740 (bmo#1563133,bmo#1573160)
Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox
ESR 60.9, Thunderbird 68.1, and Thunderbird 60.9
- removed upstreamed fix-build-after-y2038-changes-in-glibc.patch
- added thunderbird-locale-build.patch to fix locale build
- Add -L flag to the stat call for checking file size of %{SOURCE4}.
- Add fix-missing-return-warning.patch to silence a compiler warning.
- Mozilla Thunderbird 68.0
* based on Firefox ESR 68
* File link attachments can now be linked to again instead of
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=483
* Calendar: Can't create repeating event with end date when using
certain time zones, for example Europe/Minsk
* some minor bugfixes
* using 60.6.0esr Mozilla platform (bsc#1129821)
- Mozilla Thunderbird 60.5.3
* fixed a regression on the Windows platform:
Problem when using "Send to > Mail recipient" on Windows
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=458
- MozillaThunderbird 60.5.0:
* FileLink provider WeTransfer to upload large attachments
* Thunderbird now allows the addition of OpenSearch search engines
from a local XML file using a minimal user inferface: [+] button
to select a file an add, [-] to remove.
* More search engines: Google and DuckDuckGo available by default
in some locales
* During account creation, Thunderbird will now detect servers
using the Microsoft Exchange protocol. It will offer the
installation of a 3rd party add-on (Owl) which supports that
protocol.
* Thunderbird now compatible with other WebExtension-based
FileLink add-ons like the Dropbox add-on
- requires NSS 3.36.7
- removed obsolete patch
mozilla-no-stdcxx-check.patch
- rebased patches
MFSA 2018-31
* CVE-2018-17466 bmo#1488295
Buffer overflow and out-of-bounds read in ANGLE library with
TextureStorage11
* CVE-2018-18492 bmo#1499861
Use-after-free with select element
* CVE-2018-18493 bmo#1504452
Buffer overflow in accelerated 2D canvas with Skia
* CVE-2018-18494 bmo#1487964
Same-origin policy violation using location attribute and
performance.getEntries to steal cross-origin URLs
* CVE-2018-18498 bmo#1500011
Integer overflow when calculating buffer sizes for images
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=451
