* Message Display WebExtension API
* Message Search WebExtension API
* Better visual feedback for unread messages when using the dark theme
* Fixed various issues when editing mailing list
* Fixed application windows not maintaining their size after restart
MFSA 2019-33 (bsc#1154738)
* CVE-2019-15903 (bmo#1584907)
Heap overflow in expat library in XML_GetCurrentLineNumber
* CVE-2019-11757 (bmo#1577107)
Use-after-free when creating index updates in IndexedDB
* CVE-2019-11758 (bmo#1536227)
Potentially exploitable crash due to 360 Total Security
* CVE-2019-11759 (bmo#1577953)
Stack buffer overflow in HKDF output
* CVE-2019-11760 (bmo#1577719)
Stack buffer overflow in WebRTC networking
* CVE-2019-11761 (bmo#1561502)
Unintended access to a privileged JSONView object
* CVE-2019-11762 (bmo#1582857)
document.domain-based origin isolation has same-origin-property violation
* CVE-2019-11763 (bmo#1584216)
Incorrect HTML parsing results in XSS bypass technique
* CVE-2019-11764 (bmo#1558522, bmo#1577061, bmo#1548044, bmo#1571223,
bmo#1573048, bmo#1578933, bmo#1575217, bmo#1583684, bmo#1586845,
bmo#1581950, bmo#1583463, bmo#1586599)
Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2
- removed obsolete patches
mozilla-bmo1573381.patch
mozilla-bmo1512162.patch
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=499
Bugfixes
* Some attachments couldn't be opened in messages originating from
MS Outlook 2016
* Address book import from CSV
* Performance problem in message body search
* Ctrl+Enter to send a message would open an attachment if the
attachment pane had focus
* Calendar: Issues with "Today Pane" start-up
* Calendar: Glitches with custom repeat and reminder number input
* Calendar: Problems with WCAP provider
- add mozilla-bmo1585099.patch to fix build with rust >= 1.38
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=496
Bugfixes
* Issues with attachments in IMAP messages
* Gmail accounts ignored a non-standard trash folder selection
* Entering/pasting lists of recipients into the addressing widget or
mailing list not working reliably, especially when lists contained
multiple commas or semicolons
* Edit mailing list not working
* Various theme fixes, especially dark theme improvements for Calendar
* Contrast between tag label and background not optimal
* Account Central pane always loaded at start-up
* "Config Editor" button not removed if blocked by policy
* Calendar: Free/busy information in attendees dialog not scrolled
correctly. Note: Scroll arrows still not behaving correctly
- require nodejs8 instead of generic nodejs for better cross-distribution
support
- call desktop database update on install
- updated translations-other locale list
- build correct ICU for Big Endian
- remove kde.js since disabling instantApply breaks extensions and
is obsolete with the move to HTML views for preferences (boo#1151186)
- update create-tar.sh to latest revision and adjust tar_stamps
- added platform patches from Firefox 68esr
mozilla-bmo1005535.patch
mozilla-bmo1463035.patch
mozilla-bmo1504834-part1.patch
mozilla-bmo1504834-part2.patch
mozilla-bmo1504834-part3.patch
mozilla-bmo1511604.patch
mozilla-bmo1554971.patch
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=490
add-on is required for this account type. IMAP still exists as
alternative.
* several bugfixes
MFSA 2019-30
* CVE-2019-11739 (bmo#1571481)
Covert Content Attack on S/MIME encryption using a crafted
multipart/alternative message
* CVE-2019-11746 (bmo#1564449)
Use-after-free while manipulating video
* CVE-2019-11744 (bmo#1562033)
XSS by breaking out of title and textarea elements using innerHTML
* CVE-2019-11742 (bmo#1559715)
Same-origin policy violation with SVG filters and canvas to steal
* CVE-2019-11752 (bmo#1501152)
Use-after-free while extracting a key value in IndexedDB
* CVE-2019-11743 (bmo#1560495)
Cross-origin access to unload event attributes
* CVE-2019-11740 (bmo#1563133,bmo#1573160)
Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox
ESR 60.9, Thunderbird 68.1, and Thunderbird 60.9
- removed upstreamed fix-build-after-y2038-changes-in-glibc.patch
- added thunderbird-locale-build.patch to fix locale build
- Add -L flag to the stat call for checking file size of %{SOURCE4}.
- Add fix-missing-return-warning.patch to silence a compiler warning.
- Mozilla Thunderbird 68.0
* based on Firefox ESR 68
* File link attachments can now be linked to again instead of
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=483
