Accepting request 1298009 from mozilla:Factory

- Mozilla Thunderbird ESR 140.1.1 Fixed * Users with attachments open in tabs saw an error on Thunderbird restart * Sending from unified or local folder failed if no default account was set * Delete button could remove attachment instead of message * Message list scrolled back when returning to mail tab after opening a message OBS-URL: https://build.opensuse.org/request/show/1298009 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=369
- Mozilla Thunderbird ESR 140.1.1
2025-08-07 14:48:53 +00:00 · 2025-08-06 18:14:05 +00:00 · 2025-08-03 11:38:21 +00:00 · 2025-08-01 08:44:07 +00:00 · 2025-07-25 15:05:51 +00:00 · 2025-07-25 06:36:59 +00:00
28 changed files with 1716 additions and 2188 deletions
--- a/MozillaThunderbird.changes
+++ b/MozillaThunderbird.changes
@@ -1,3 +1,694 @@
 -------------------------------------------------------------------
 Tue Aug  5 19:36:55 UTC 2025 - Wolfgang Rosenauer <wr@rosenauer.org>
 - Mozilla Thunderbird ESR 140.1.1
  Fixed
  * Users with attachments open in tabs saw an error on Thunderbird restart
  * Sending from unified or local folder failed if no default account was set
  * Delete button could remove attachment instead of message
  * Message list scrolled back when returning to mail tab after opening a message
 -------------------------------------------------------------------
 Sat Jul 26 08:58:28 UTC 2025 - Andreas Schwab <schwab@suse.de>
 - Update memory constraints
 -------------------------------------------------------------------
 Sat Jul 19 06:05:52 UTC 2025 - Wolfgang Rosenauer <wr@rosenauer.org>
 - Mozilla Thunderbird ESR 140.1.0
  * New folders were not added alphabetically if folders manually
    reordered beforehand
  * Message archive folder creation could silently stop during async
    folder creation
  MFSA 2025-63 (bsc#1246664)
  * CVE-2025-8027 (bmo#1968423)
    JavaScript engine only wrote partial return value to stack
  * CVE-2025-8028 (bmo#1971581)
    Large branch table could lead to truncated instruction
  * CVE-2025-8029 (bmo#1928021)
    javascript: URLs executed on object and embed tags
  * CVE-2025-8036 (bmo#1960834)
    DNS rebinding circumvents CORS
  * CVE-2025-8037 (bmo#1964767)
    Nameless cookies shadow secure cookies
  * CVE-2025-8030 (bmo#1968414)
    Potential user-assisted code execution in “Copy as cURL” command
  * CVE-2025-8031 (bmo#1971719)
    Incorrect URL stripping in CSP reports
  * CVE-2025-8032 (bmo#1974407)
    XSLT documents could bypass CSP
  * CVE-2025-8038 (bmo#1808979)
    CSP frame-src was not correctly enforced for paths
  * CVE-2025-8039 (bmo#1970997)
    Search terms persisted in URL bar
  * CVE-2025-8033 (bmo#1973990)
    Incorrect JavaScript state machine for generators
  * CVE-2025-8034 (bmo#1970422, bmo#1970422, bmo#1970422, bmo#1970422)
    Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR
    128.13, Thunderbird ESR 128.13, Firefox ESR 140.1,
    Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141
  * CVE-2025-8040 (bmo#1975058, bmo#1975058, bmo#1975998, bmo#1975998)
    Memory safety bugs fixed in Firefox ESR 140.1, Thunderbird
    ESR 140.1, Firefox 141 and Thunderbird 141
  * CVE-2025-8035 (bmo#1975961, bmo#1975961, bmo#1975961)
    Memory safety bugs fixed in Firefox ESR 128.13, Thunderbird
    ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox
    141 and Thunderbird 141
 -------------------------------------------------------------------
 Mon Jul 15 04:38:05 UTC 2025 - Tristan Miller <psychonaut@nothingisreal.com>
 - Mozilla Thunderbird ESR 140.0.1
  MFSA 2025-54
  * CVE-2025-6424 (bmo#1966423)
    Use-after-free in FontFaceSet
  * CVE-2025-6425 (bmo#1717672)
    The WebCompat WebExtension shipped exposed a persistent UUID
  * CVE-2025-6426 (bmo#1964385)
    No warning when opening executable terminal files on macOS
  * CVE-2025-6427 (bmo#1966927)
    connect-src Content Security Policy restriction could be
    bypassed
  * CVE-2025-6429 (bmo#1970658)
    Incorrect parsing of URLs could have allowed embedding of
    youtube.com
  * CVE-2025-6430 (bmo#1971140)
    Content-Disposition header ignored when a file is included in
    an embed or object tag
  * CVE-2025-6432 (bmo#1943804)
    DNS Requests leaked outside of a configured SOCKS proxy
  * CVE-2025-6433 (bmo#1954033)
    WebAuthn would allow a user to sign a challenge on a webpage
    with an invalid TLS certificate
  * CVE-2025-6434 (bmo#1955182)
    HTTPS-Only exception screen lacked anti-clickjacking delay
  * CVE-2025-6435 (bmo#1961777 bmo#1950056)
    Save as in Devtools could download files without sanitizing
    the extension
  * CVE-2025-6436 (bmo#1941377 bmo#1960948 bmo#1966187 bmo#1966505
    bmo#1970764)
    Memory safety bugs fixed in Firefox 140 and Thunderbird 140
 - adapt mozilla-ntlm-full-path.patch for Thunderbird 140.0.1
 - adapt mozilla-silence-no-return-type.patch for Thunderbird
  140.0.1
 -------------------------------------------------------------------
 Sun Jun 29 06:49:01 UTC 2025 - Wolfgang Rosenauer <wr@rosenauer.org>
 - Mozilla Thunderbird ESR 128.12.0
  MFSA 2025-55 (bsc#1244670)
  * CVE-2025-6424 (bmo#1966423)
    Use-after-free in FontFaceSet
  * CVE-2025-6425 (bmo#1717672)
    The WebCompat WebExtension shipped exposed a persistent UUID
  * CVE-2025-6426 (bmo#1964385)
    No warning when opening executable terminal files on macOS
  * CVE-2025-6429 (bmo#1970658)
    Incorrect parsing of URLs could have allowed embedding of
    youtube.com
  * CVE-2025-6430 (bmo#1971140)
    Content-Disposition header ignored when a file is included in
    an embed or object tag
 -------------------------------------------------------------------
 Tue Jun 17 08:18:37 UTC 2025 - Manfred Hollstein <manfred.h@gmx.net>
 - Use these tools/versions unconditionally, package won't build on
  Tumbleweed with new gcc15 otherwise:
  gcc14, gcc14-c++, cargo1.84, rust1.84
 -------------------------------------------------------------------
 Mon Jun  9 11:46:34 UTC 2025 - Wolfgang Rosenauer <wr@rosenauer.org>
 - Mozilla Thunderbird ESR 128.11.1
  MFSA 2025-49
  * CVE-2025-5986 (bmo#1958580, bmo#1968012)
    Unsolicited File Download, Disk Space Exhaustion, and Credential
    Leakage via mailbox:/// Links
 -------------------------------------------------------------------
 Sun Jun  8 14:58:03 UTC 2025 - Bernhard Wiedemann <bwiedemann@suse.com>
 - Replace usage of %jobs for reproducible builds (boo#1237231)
 -------------------------------------------------------------------
 Mon May 26 16:54:33 UTC 2025 - Wolfgang Rosenauer <wr@rosenauer.org>
 - Mozilla Thunderbird ESR 128.11.0
  MFSA 2025-46 (boo#1243353)
  * CVE-2025-5262 (bmo#1962421)
    Double-free in libvpx encoder
  * CVE-2025-5263 (bmo#1960745)
    Error handling for script execution was incorrectly isolated
    from web content
  * CVE-2025-5264 (bmo#1950001)
    Potential local code execution in “Copy as cURL” command
  * CVE-2025-5265 (bmo#1962301)
    Potential local code execution in “Copy as cURL” command
  * CVE-2025-5266 (bmo#1965628)
    Script element events leaked cross-origin resource status
  * CVE-2025-5267 (bmo#1954137)
    Clickjacking vulnerability could have led to leaking saved
    payment card details
  * CVE-2025-5268 (bmo#1950136, bmo#1958121, bmo#1960499,
    bmo#1962634)
    Memory safety bugs fixed in Firefox 139, Thunderbird 139,
    Firefox ESR 128.11, and Thunderbird 128.11
  * CVE-2025-5269 (bmo#1924108)
    Memory safety bug fixed in Firefox ESR 128.11 and Thunderbird
    128.11
  * fixed: Thunderbird could crash if message copying to Sent
    folder was interrupted (bmo#1965304)
 -------------------------------------------------------------------
 Wed May 21 05:23:25 UTC 2025 - Wolfgang Rosenauer <wr@rosenauer.org>
 - Mozilla Thunderbird ESR 128.10.2
  MFSA 2025-40 (boo#1243303)
  * CVE-2025-4918 (bmo#1966612)
    Out-of-bounds access when resolving Promise objects
  * CVE-2025-4919 (bmo#1966614)
    Out-of-bounds access when optimizing linear sums
  * Messages could not be viewed if the profile used a UNC path
  * Visual and UX improvements
 -------------------------------------------------------------------
 Thu May 15 17:11:50 UTC 2025 - Andreas Stieger <andreas.stieger@gmx.de>
 - Mozilla Thunderbird ESR 128.10.1:
  MFSA 2025-34 (boo#1243216)
  * CVE-2025-3875 (bmo#1950629)
    Sender Spoofing via Malformed From Header in Thunderbird
  * CVE-2025-3877 (bmo#1958580)
    Unsolicited File Download, Disk Space Exhaustion, and
    Credential Leakage via mailbox:/// Links
  * CVE-2025-3909 (bmo#1958376)
    JavaScript Execution via Spoofed PDF Attachment and file:///
    Link
  * CVE-2025-3932 (bmo#1960412)
    Tracking Links in Attachments Bypassed Remote Content
    Blocking
  * fixed: Standalone message windows/tabs no longer responded
    after folder compaction (bmo#1960349)
  * fixed: Thunderbird could crash when importing Outlook
    messages (bmo#1851297)
  * fixed: Visual and UX improvements (bmo#1960861)
 -------------------------------------------------------------------
 Sun May 11 09:44:51 UTC 2025 - Christian Boltz <suse-beta@cboltz.de>
 - build on s390x needs 17G memory - adjust _constraints
 -------------------------------------------------------------------
 Tue Apr 29 20:33:16 UTC 2025 - Wolfgang Rosenauer <wr@rosenauer.org>
 - Mozilla Thunderbird ESR 128.10.0
  * Changed color override defaults with high contrast mode on
    macOS and Linux
  * Using Delete column in "Search Messages..." window could delete
    other messages
  MFSA 2025-32 (bsc#1241621)
  * CVE-2025-2817 (bmo#1917536)
    Privilege escalation in Thunderbird Updater
  * CVE-2025-4082 (bmo#1937097)
    WebGL shader attribute memory corruption in Thunderbird for
    macOS
  * CVE-2025-4083 (bmo#1958350)
    Process isolation bypass using "javascript:" URI links in
    cross-origin frames
  * CVE-2025-4084 (bmo#1949994, bmo#1956698, bmo#1960198)
    Potential local code execution in "copy as cURL" command
  * CVE-2025-4087 (bmo#1952465)
    Unsafe attribute access during XPath parsing
  * CVE-2025-4091 (bmo#1951161, bmo#1952105)
    Memory safety bugs fixed in Firefox 138, Thunderbird 138,
    Firefox ESR 128.10, and Thunderbird 128.10
  * CVE-2025-4093 (bmo#1894100)
    Memory safety bug fixed in Firefox ESR 128.10 and Thunderbird
    128.10
 -------------------------------------------------------------------
 Tue Apr 15 20:16:38 UTC 2025 - Wolfgang Rosenauer <wr@rosenauer.org>
 - Mozilla Thunderbird ESR 128.9.2
  * Two-factor auth via text or email did not work with Office 365 using Oauth2
  * IRC channel was not visible after restart
  * Global indexing failed when processing email with invalid calendar data
  MFSA 2025-27
  * CVE-2025-3522 (bmo#1955372)
    Leak of hashed Window credentials via crafted attachment URL
  * CVE-2025-2830 (bmo#1956379)
    Information Disclosure of /tmp directory listing
  * CVE-2025-3523 (bmo#1958385)
    User Interface (UI) Misrepresentation of attachment URL
 -------------------------------------------------------------------
 Sat Apr  5 06:04:41 UTC 2025 - Wolfgang Rosenauer <wr@rosenauer.org>
 - Mozilla Thunderbird ESR 128.9.1
  * Added delay to built-in notifications when new profile is
    created in offline mode
 -------------------------------------------------------------------
 Thu Apr  3 10:20:02 UTC 2025 - Ana Guerrero <ana.guerrero@suse.com>
 - Update to use BuildRequires on clang-devel on Tumbleweed/Factory
  instead of clang18-tools.
 -------------------------------------------------------------------
 Thu Mar 27 07:17:25 UTC 2025 - Wolfgang Rosenauer <wr@rosenauer.org>
 - Mozilla Thunderbird ESR 128.9.0
  * Thunderbird now has a notification system for real-time desktop alerts
  * Data corruption occurred when compacting IMAP Drafts folder after
    saving a message
  * Right-clicking "Decrypt and Save As..." on an attachment file failed.
  * Thunderbird could crash when importing mail
  * Sort indicators were missing on the calendar events list
  MFSA 2025-24 (bsc#1240083)
  * CVE-2025-3028 (bmo#1941002)
    Use-after-free triggered by XSLTProcessor
  * CVE-2025-3029 (bmo#1952213)
    URL Bar Spoofing via non-BMP Unicode characters
  * CVE-2025-3030 (bmo#1850615, bmo#1932468, bmo#1942551,
    bmo#1951017, bmo#1951494)
    Memory safety bugs fixed in Firefox 137, Thunderbird 137,
    Firefox ESR 128.9, and Thunderbird 128.9
 -------------------------------------------------------------------
 Wed Mar  5 19:54:43 UTC 2025 - Wolfgang Rosenauer <wr@rosenauer.org>
 - Mozilla Thunderbird 128.8.0
  * Opening an .EML file in profiles with many folders could take a long time
  * Users with many folders experienced poor performance when resizing
    message panes
  * "Replace" button in compose window was overwritten when the window
    was narrow
  * Export to mobile did not work when "Use default server" was selected
  * "Save Link As" was not working in feed web content
  MFSA 2025-18 (bsc#1237683)
  * CVE-2024-43097 (bmo#1945624)
    Overflow when growing an SkRegion's RunArray
  * CVE-2025-1930 (bmo#1902309)
    AudioIPC StreamData could trigger a use-after-free in the
    Browser process
  * CVE-2025-1931 (bmo#1944126)
    Use-after-free in WebTransportChild
  * CVE-2025-1932 (bmo#1944313)
    Inconsistent comparator in XSLT sorting led to out-of-bounds access
  * CVE-2025-1933 (bmo#1946004)
    JIT corruption of WASM i32 return values on 64-bit CPUs
  * CVE-2025-1934 (bmo#1942881)
    Unexpected GC during RegExp bailout processing
  * CVE-2025-1935 (bmo#1866661)
    Clickjacking the registerProtocolHandler info-bar
  * CVE-2025-1936 (bmo#1940027)
    Adding %00 and a fake extension to a jar: URL  changed the
    interpretation of the contents
  * CVE-2025-1937 (bmo#1938471, bmo#1940716)
    Memory safety bugs fixed in Firefox 136, Thunderbird 136,
    Firefox ESR 115.21, Firefox ESR 128.8, and Thunderbird 128.8
  * CVE-2025-1938 (bmo#1922889, bmo#1935004, bmo#1943586,
    bmo#1943912, bmo#1948111)
    Memory safety bugs fixed in Firefox 136, Thunderbird 136,
    Firefox ESR 128.8, and Thunderbird 128.8
 -------------------------------------------------------------------
 Wed Feb 19 08:17:56 UTC 2025 - Wolfgang Rosenauer <wr@rosenauer.org>
 - Mozilla Thunderbird 128.7.1
  * Users may not have been notified if messages arrived in multiple
    folders at once
  * Message list scrolled to the wrong place on start-up
  * Unified folders could become unusable instead of being
    automatically rebuilt
  * Some messages may have been threaded incorrectly in unified folders
  * Middle-click autoscroll cursor appeared without arrows instead
    of expected design
 -------------------------------------------------------------------
 Wed Feb  5 07:26:07 UTC 2025 - Wolfgang Rosenauer <wr@rosenauer.org>
 - Mozilla Thunderbird 128.7.0
  MFSA 2025-10 (bsc#1236539)
  * CVE-2025-1009 (bmo#1936613)
    Use-after-free in XSLT
  * CVE-2025-1010 (bmo#1936982)
    Use-after-free in Custom Highlight
  * CVE-2025-1011 (bmo#1936454)
    A bug in WebAssembly code generation could result in a crash
  * CVE-2025-1012 (bmo#1939710)
    Use-after-free during concurrent delazification
  * CVE-2024-11704 (bmo#1899402)
    Potential double-free vulnerability in PKCS#7 decryption
    handling
  * CVE-2025-1013 (bmo#1932555)
    Potential opening of private browsing tabs in normal browsing
    windows
  * CVE-2025-1014 (bmo#1940804)
    Certificate length was not properly checked
  * CVE-2025-1015 (bmo#1939458)
    Unsanitized address book fields
  * CVE-2025-0510 (bmo#1940570)
    Address of e-mail sender can be spoofed by malicious email
  * CVE-2025-1016 (bmo#1936601, bmo#1936844, bmo#1937694,
    bmo#1938469, bmo#1939583, bmo#1940994)
    Memory safety bugs fixed in Firefox 135, Thunderbird 135,
    Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 115.20,
    and Thunderbird 128.7
  * CVE-2025-1017 (bmo#1926256, bmo#1935471, bmo#1935984)
    Memory safety bugs fixed in Firefox 135, Thunderbird 135,
    Firefox ESR 128.7, and Thunderbird 128.7
 -------------------------------------------------------------------
 Mon Jan 27 07:58:55 UTC 2025 - Wolfgang Rosenauer <wr@rosenauer.org>
 - Mozilla Thunderbird 128.6.1
  * fixed: Link at about:rights pointed to Firefox privacy policy
    instead of Thunderbird's (bmo#1941998)
  * fixed: POP3 'fetch headers only' and 'get selected messages'
    could delete messages (bmo#1930847)
  * fixed: 'Search Online' checkbox in saved search properties
    was incorrectly disabled (bmo#1937642)
  * fixed: POP3 status message showed incorrect download count
    when messages were deleted (bmo#1935800)
  * fixed: Space bar did not always advance to the next unread
    message (bmo#1468925)
  * fixed: Folder creation or renaming failed due to incorrect
    preference settings (bmo#1911225)
  * fixed: Forwarding/editing S/MIME drafts/templates unusable
    due to regression (bmo#1940605, boo#1236411)
  * fixed: Sort order in 'Search Messages' panel reset after
    search or on first launch (bmo#1935073)
  * fixed: Reply window added an unnecessary third blank line at
    the top (bmo#1935938)
  * fixed: Thunderbird spell check box did not allow ENTER to
    accept suggested changes (bmo#1935401)
  * fixed: Long email subject lines could overlap window control
    buttons on macOS (bmo#1940201)
  * fixed: Flathub manifest link was not correct (bmo#1907695)
  * fixed: 'Prefer client-side email scheduling' needed to be
    selected twice (bmo#1862400)
  * fixed: Duplicate invitations were sent if CALDAV calendar
    email case did not match (bmo#1889607)
  * fixed: Visual and UX improvements
    (bmo#1875325,bmo#1901846,bmo#1939603,bmo#1855276)
 -------------------------------------------------------------------
 Wed Jan  8 08:12:38 UTC 2025 - Wolfgang Rosenauer <wr@rosenauer.org>
 - Mozilla Thunderbird 128.6.0
  * New mail notification was not hidden after reading the new message
  * New mail notification could show for the wrong folder, causing
    repeated alerts
  * macOS shortcut CMD+1 did not restore the main window when it was
    minimized
  * Clicking the context menu "Reply" button resulted in "Reply-All"
  * Switching from "All", "Unread", and "Threads with unread" did not work
  * Downloading message headers from a newsgroup could cause a hang
  * Message list performance slow when many updates happened at once
  * "mailto:" links did not apply the compose format of the current identity
  * Authentication failure of AUTH PLAIN or AUTH LOGIN did not fall
    back to USERPASS
  MFSA 2025-05  (bsc#1234991)
  * CVE-2025-0237 (bmo#1915257)
    WebChannel APIs susceptible to confused deputy attack
  * CVE-2025-0238 (bmo#1915535)
    Use-after-free when breaking lines in text
  * CVE-2025-0239 (bmo#1929156)
    Alt-Svc ALPN validation failure when redirected
  * CVE-2025-0240 (bmo#1929623)
    Compartment mismatch when parsing JavaScript JSON module
  * CVE-2025-0241 (bmo#1933023)
    Memory corruption when using JavaScript Text Segmentation
  * CVE-2025-0242 (bmo#1874523, bmo#1926454, bmo#1931873, bmo#1932169)
    Memory safety bugs fixed in Firefox 134, Thunderbird 134,
    Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19,
    and Thunderbird 128.6
  * CVE-2025-0243 (bmo#1827142, bmo#1932783)
    Memory safety bugs fixed in Firefox 134, Thunderbird 134,
    Firefox ESR 128.6, and Thunderbird 128.6
 -------------------------------------------------------------------
 Wed Dec 11 15:48:02 UTC 2024 - Wolfgang Rosenauer <wr@rosenauer.org>
 - Mozilla Thunderbird 128.5.2
  * Large virtual folders could be very slow
  * Message could disappear after moving from IMAP folder followed
    by Undo and Redo
  * XMPP chat did not display messages sent inside a CDATA element
  * Selected calendar day did not move forward at midnight
  * Today pane agenda sometimes scrolled for no apparent reason
  * CalDAV calendars without offline support could degrade start-up
    performance
  * Visual and UX improvements
  MFSA 2024-69
  * CVE-2024-50336 (bmo#1929264)
    matrix-js-sdk has insufficient MXC URI validation which could
    allow client-side path traversal
 -------------------------------------------------------------------
 Tue Dec  3 07:41:29 UTC 2024 - Wolfgang Rosenauer <wr@rosenauer.org>
 - Mozilla Thunderbird 128.5.1
  * Add end of year donation appeal
  * Total message count for favorite folders did not work consistently
 -------------------------------------------------------------------
 Thu Nov 28 09:07:50 UTC 2024 - Wolfgang Rosenauer <wr@rosenauer.org>
 - make spec compatible with rpm < 4.17 again
 - correct appdata for different desktop filename
 -------------------------------------------------------------------
 Tue Nov 26 10:15:25 UTC 2024 - Wolfgang Rosenauer <wr@rosenauer.org>
 - Mozilla Thunderbird 128.5.0
  * IMAP could crash when reading cached messages
  * Enabling "Show Folder Size" on Maildir profile could render
    Thunderbird unusable
  * Messages corrupted by folder compaction were only fixed by user
    intervention
  * Reading a message from past the end of an mbox file did not
    cause an error
  * View -> Folders had duplicate F access keys
  * Add-ons adding columns to the message list could fail and cause
    display issue
  * "Empty trash on exit" and "Expunge inbox on exit" did not
    always work
  * Selecting a display option in View -> Tasks did not apply in
    the Task interface
  MFSA 2024-68 (bsc#1233695)
  * CVE-2024-11691 (bmo#1914707, bmo#1924184)
    Memory corruption in Apple GPU drivers
  * CVE-2024-11692 (bmo#1909535)
    Select list elements could be shown over another site
  * CVE-2024-11693 (bmo#1921458)
    Download Protections were bypassed by .library-ms files on Windows
  * CVE-2024-11694 (bmo#1924167)
    CSP Bypass and XSS Exposure via Web Compatibility Shims
  * CVE-2024-11695 (bmo#1925496)
    URL Bar Spoofing via Manipulated Punycode and Whitespace Characters
  * CVE-2024-11696 (bmo#1929600)
    Unhandled Exception in Add-on Signature Verification
  * CVE-2024-11697 (bmo#1842187)
    Improper Keypress Handling in Executable File Confirmation Dialog
  * CVE-2024-11698 (bmo#1916152)
    Fullscreen Lock-Up When Modal Dialog Interrupts Transition on macOS
  * CVE-2024-11699 (bmo#1880582, bmo#1929911)
    Memory safety bugs fixed in Firefox 133, Thunderbird 133,
    Firefox ESR 128.5, and Thunderbird 128.5
 - appid is thunderbird-esr currently; use the matching desktop
  file name (boo#1233650)
 -------------------------------------------------------------------
 Wed Nov 20 07:36:02 UTC 2024 - Wolfgang Rosenauer <wr@rosenauer.org>
 - Mozilla Thunderbird 128.4.4
  * QR codes were not scannable by Android app when using most
    high-contrast themes
  * Primary password prompt cancellation during mobile export was
    confusing
 - revert using xdg-desktop-portal as some desktops have limited
  support
 -------------------------------------------------------------------
 Sat Nov  9 16:26:41 UTC 2024 - Wolfgang Rosenauer <wr@rosenauer.org>
 - Mozilla Thunderbird 128.4.3
  Fixes:
  * Folder corruption could cause Thunderbird to freeze and become unusable
  * Message corruption could be propagated when reading mbox
  * Folder compaction was not abandoned on shutdown
  * Folder compaction did not clean up on failure
  * Collapsed NNTP thread incorrectly indicated there were unread messages
  * Navigating to next unread message did not wait for all messages
    to be loaded
  * Applying column view to folder and children could break if folder
    error occurred
  * Remote content notifications were broken with encrypted messages
  * Updating criteria of a saved search resulted in poor search performance
  * Drop-downs may not work in some places
  MFSA 2024-61
  * CVE-2024-11159 (bmo#1925929)
    Potential disclosure of plaintext in OpenPGP encrypted message
 - remove kmozillahelper support (boo#1226112)
  * removed mozilla-kde.patch
  * requires xdg-desktop-portal instead
 -------------------------------------------------------------------
 Wed Nov  6 19:54:16 UTC 2024 - Andreas Stieger <andreas.stieger@gmx.de>
 - Mozilla Thunderbird 128.4.2
  * Increased the auto-compaction threshold to reduce the frequency
    of compaction (bmo#1927656)
  * fixed: New profile creation caused console errors (bmo#1912675)
  * fixed: Repair folder could result in older messages showing
    wrong date and time (bmo#1911916)
  * fixed: Recently deleted messages could become undeleted if
    message compaction failed (bmo#1924927)
  * fixed: Visual and UX improvements
    (bmo#1857413,bmo#1922934,bmo#1924437)
  * fixed: Clicking on an HTML button could cause Thunderbird to
    freeze (bmo#1879355)
  * fixed: Messages could not be selected for dragging
    (bmo#1887518)
  * fixed: Could not open attached file in a MIME encrypted
    message (bmo#1924637)
  * fixed: Account creation "Setup Documentation" link was broken
    (bmo#1925493)
  * fixed: Unable to generate QR codes when exporting to mobile
    in some cases (bmo#1928114)
  * fixed: Operating system reauthentication was missing when
    exporting QR codes for mobile (bmo#1928232)
  * fixed: Could not drag all-day events from one day to another
    in week view (bmo#1922944)
 -------------------------------------------------------------------
 Sat Nov  2 09:01:15 UTC 2024 - Wolfgang Rosenauer <wr@rosenauer.org>
 - Mozilla Thunderbird 128.4.1
  * Add the 20 year donation appeal (bmo#192538)
 -------------------------------------------------------------------
 Wed Oct 30 13:51:30 UTC 2024 - Wolfgang Rosenauer <wr@rosenauer.org>
 - Mozilla Thunderbird 128.4.0
  * Export Thunderbird account settings to Thunderbird Mobile via QRCode
  Bugfixes:
  * Unable to send an unencrypted response to an OpenPGP encrypted message
  MFSA 2024-58 (bsc#1231879)
  * CVE-2024-10458 (bmo#1921733)
    Permission leak via embed or object elements
  * CVE-2024-10459 (bmo#1919087)
    Use-after-free in layout with accessibility
  * CVE-2024-10460 (bmo#1912537)
    Confusing display of origin for external protocol handler prompt
  * CVE-2024-10461 (bmo#1914521)
    XSS due to Content-Disposition being ignored in
    multipart/x-mixed-replace response
  * CVE-2024-10462 (bmo#1920423)
    Origin of permission prompt could be spoofed by long URL
  * CVE-2024-10463 (bmo#1920800)
    Cross origin video frame leak
  * CVE-2024-10464 (bmo#1913000)
    History interface could have been used to cause a Denial of
    Service condition in the browser
  * CVE-2024-10465 (bmo#1918853)
    Clipboard "paste" button persisted across tabs
  * CVE-2024-10466 (bmo#1924154)
    DOM push subscription message could hang Firefox
  * CVE-2024-10467 (bmo#1829029, bmo#1888538, bmo#1900394, bmo#1904059,
    bmo#1917742, bmo#1919809, bmo#1923706)
    Memory safety bugs fixed in Firefox 132, Thunderbird 132,
    Firefox ESR 128.4, and Thunderbird 128.4
 -------------------------------------------------------------------
 Wed Oct 23 06:45:00 UTC 2024 - Andreas Stieger <andreas.stieger@gmx.de>
 - Mozilla Thunderbird 128.3.3
  * Files left over from failed folder compactions could use up
    disk space (bmo#1878541)
  * Message list returned to selected message after action on
    another message (bmo#1917485)
  * Some faulty messages were downloaded and never stored
    (bmo#1923765)
  * Messages could become corrupted during folder compaction
    (bmo#1923747,bmo#1923541,bmo#1720047)
  * Searching events by Location, Description, or URL failed
    (bmo#1912710)
  * "Remove All Shown" saved passwords deleted all logins if
    filtered without results (bmo#601447)
  * Calendar event updates were not always sent to attendees
    (bmo#1877640)
 -------------------------------------------------------------------
 Wed Oct 16 14:52:43 UTC 2024 - Wolfgang Rosenauer <wr@rosenauer.org>
 - Mozilla Thunderbird 128.3.2
  bugfix release:
  https://www.thunderbird.net/en-US/thunderbird/128.3.2esr/releasenotes
 - bring back mozilla-bmo531915.patch to fix x86
 -------------------------------------------------------------------
 Thu Oct 10 17:11:15 UTC 2024 - Wolfgang Rosenauer <wr@rosenauer.org>
 - Mozilla Thunderbird 128.3.1
  https://www.thunderbird.net/en-US/thunderbird/128.0esr/releasenotes/
  and following release notes for minor version updates
  MFSA 2024-52  (bsc#1231413)
  * CVE-2024-9680 (bmo#1923344)
    Use-after-free in Animation timeline
  Mozilla Thunderbird 128.3.0
  MFSA 2024-32 (128.0)
  MFSA 2024-37 (128.1)
  MFSA 2024-43 (128.2)
  MFSA 2024-49 (128.3) (bsc#1230979)
  * CVE-2024-9392 (bmo#1899154, bmo#1905843)
    Compromised content process can bypass site isolation
  * CVE-2024-9393 (bmo#1918301)
    Cross-origin access to PDF contents through multipart responses
  * CVE-2024-9394 (bmo#1918874)
    Cross-origin access to JSON contents through multipart responses
  * CVE-2024-8900 (bmo#1872841)
    Clipboard write permission bypass
  * CVE-2024-9396 (bmo#1912471)
    Potential memory corruption may occur when cloning certain objects
  * CVE-2024-9397 (bmo#1916659)
    Potential directory upload bypass via clickjacking
  * CVE-2024-9398 (bmo#1881037)
    External protocol handlers could be enumerated via popups
  * CVE-2024-9399 (bmo#1907726)
    Specially crafted WebTransport requests could lead to denial
    of service
  * CVE-2024-9400 (bmo#1915249)
    Potential memory corruption during JIT compilation
  * CVE-2024-9401 (bmo#1872744, bmo#1897792, bmo#1911317, bmo#1916476)
    Memory safety bugs fixed in Firefox 131, Firefox ESR 115.16,
    Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3
  * CVE-2024-9402 (bmo#1872744, bmo#1897792, bmo#1911317, bmo#1913445,
    bmo#1914106, bmo#1914475, bmo#1914963, bmo#1915008, bmo#1916476)
    Memory safety bugs fixed in Firefox 131, Firefox ESR 128.3,
    Thunderbird 131, and Thunderbird 128.3
 - removed obsolete patches
  mozilla-bmo1504834-part3.patch
  mozilla-bmo1512162.patch
  mozilla-bmo1775202.patch
  mozilla-bmo531915.patch
  mozilla-fix-aarch64-libopus.patch
  mozilla-fix-issues-with-llvm18.patch
  mozilla-fix-top-level-asm.patch
  mozilla-partial-revert-1768632.patch
  mozilla-rust-disable-future-incompat.patch
  thunderbird-fix-CVE-2024-34703.patch
 - new patch thunderbird-silence-no-return.patch
 - rebased
  mozilla-bmo1504834-part1.patch
  mozilla-kde.patch
  mozilla-libavcodec58_91.patch
  mozilla-silence-no-return-type.patch
 -------------------------------------------------------------------
 Fri Sep  6 08:55:26 UTC 2024 - Wolfgang Rosenauer <wr@rosenauer.org>
--- a/MozillaThunderbird.spec
+++ b/MozillaThunderbird.spec
@@ -1,8 +1,9 @@
 #
 # spec file for package MozillaThunderbird
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC and contributors
-# Copyright (c) 2006-2023 Wolfgang Rosenauer <wr@rosenauer.org>
+# Copyright (c) 2006-2025 Wolfgang Rosenauer <wr@rosenauer.org>
 # Copyright (c) 2025 Tristan Miller <psychonaut@nothingisreal.com>
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -25,14 +26,14 @@
 # FF70beta3 would be released as FF69.99
 # orig_version would be the upstream tar ball
 # orig_version 70.0
-# orig_suffix b3
+# orig_suffix b3 (or esr)
 # major 69
 # mainver %%major.99
-%define major          115
+%define major          140
-%define mainver        %major.15.0
+%define mainver        %major.1.1
-%define orig_version   115.15.0
+%define orig_version   140.1.1
-%define orig_suffix    %nil
+%define orig_suffix    esr
-%define update_channel release
+%define update_channel esr
 %define source_prefix  thunderbird-%{orig_version}
 # PGO builds do not work in TW currently (bmo#1680306)
@@ -43,19 +44,23 @@
 %bcond_with only_print_mozconfig
 %bcond_without mozilla_tb_kde4
 %bcond_with    mozilla_tb_valgrind
 %bcond_without mozilla_tb_optimize_for_size
 # define if ccache should be used or not
-%define useccache     0
+%define useccache     1
 # No i586 on SLE-12, as the rpmlints are broken and can't handle the big rpms resulting from this build.
 %if 0%{?sle_version} >= 120000 && 0%{?sle_version} < 150000
 ExclusiveArch:  aarch64 ppc64le x86_64 s390x
 %else
 # Firefox only supports i686
 %ifarch %ix86
 ExclusiveArch:  i586 i686
 BuildArch:      i686
 %{expand:%%global optflags %(echo "%optflags"|sed -e s/i586/i686/) -march=i686 -mtune=generic -msse2}
 %endif
 %endif
 %{expand:%%global optflags %(echo "%optflags"|sed -e s/-flto=auto//) }
 # general build definitions
@@ -64,10 +69,11 @@ BuildArch:      i686
 %define srcname  thunderbird
 %define appname  Thunderbird
 %define progdir %{_prefix}/%_lib/%{progname}
-%define gnome_dir     %{_prefix}
+%define gnome_dir %{_prefix}
-%define desktop_file_name %{progname}
+%{!?orig_suffix:%global orig_suffix ""}
 %define desktop_file_name %(echo "%{orig_suffix}" | grep -q esr && echo "%{progname}-esr" || echo "%{progname}")
 %define __provides_exclude ^lib.*\\.so.*$
-%define __requires_exclude ^(libmoz.*|liblgpllibs.*|libxul.*|libldap.*|libldif.*|libprldap.*|librnp.*)$
+%define __requires_exclude ^(libmoz.*|liblgpllibs.*|libxul.*|libgk.*|libldap.*|libldif.*|libprldap.*|librnp.*)$
 %define localize 1
 %ifarch %ix86 x86_64
 %define crashreporter 1
@@ -87,41 +93,44 @@ Name:           %{pkgname}
 BuildRequires:  Mesa-devel
 BuildRequires:  alsa-devel
 BuildRequires:  autoconf213
 BuildRequires:  cargo1.84
 BuildRequires:  dbus-1-glib-devel
 BuildRequires:  dejavu-fonts
 BuildRequires:  fdupes
 BuildRequires:  gcc14
 BuildRequires:  gcc14-c++
 BuildRequires:  memory-constraints
-%if 0%{?suse_version} >= 1699
+BuildRequires:  rust1.84
 BuildRequires:  gcc13
 BuildRequires:  gcc13-c++
 %else
 %if 0%{?suse_version} < 1550 && 0%{?sle_version} <= 150600
 BuildRequires:  gcc13
 BuildRequires:  gcc13-c++
 %else
 BuildRequires:  gcc-c++
 %endif
 %endif
 BuildRequires:  cargo1.72
 BuildRequires:  rust1.72
 %if 0%{useccache} != 0
 BuildRequires:  ccache
 %endif
 BuildRequires:  libXcomposite-devel
 BuildRequires:  libcurl-devel
 BuildRequires:  mozilla-nspr-devel >= 4.35
-BuildRequires:  mozilla-nss-devel >= 3.90
+BuildRequires:  mozilla-nss-devel >= 3.101.1
 BuildRequires:  nasm >= 2.14
-BuildRequires:  nodejs >= 12.22.12
+%if 0%{?sle_version} >= 120000 && 0%{?sle_version} <= 150000
-%if 0%{?sle_version} >= 150000 && 0%{?sle_version} <= 150600
+BuildRequires:  libXtst-devel
 BuildRequires:  nodejs12 >= 12.22.12
 #BuildRequires:  python-libxml2
 BuildRequires:  python39
 BuildRequires:  python39-curses
 BuildRequires:  python39-devel
 %else
 %if 0%{?sle_version} > 150000 && 0%{?sle_version} <= 150600
 BuildRequires:  nodejs12 >= 12.22.12
 BuildRequires:  python39
 BuildRequires:  python39-curses
 BuildRequires:  python39-devel
 %else
 # ALP
 BuildRequires:  nodejs >= 12.22.12
 BuildRequires:  python3 >= 3.7
 BuildRequires:  python3-curses
 BuildRequires:  python3-devel
 %endif
-BuildRequires:  rust-cbindgen >= 0.24.3
+%endif
 BuildRequires:  rust-cbindgen >= 0.27
 BuildRequires:  unzip
 BuildRequires:  update-desktop-files
 BuildRequires:  xorg-x11-libXt-devel
@@ -133,10 +142,10 @@ BuildRequires:  zip
 %if 0%{?suse_version} < 1550
 BuildRequires:  pkgconfig(gconf-2.0) >= 1.2.1
 %endif
-%if (0%{?sle_version} >= 120000 && 0%{?sle_version} < 150000)
+%if 0%{?suse_version} < 1599
-BuildRequires:  clang6-devel
+BuildRequires:  clang15-devel
 %else
-BuildRequires:  clang-devel >= 5
+BuildRequires:  clang-devel
 %endif
 BuildRequires:  pkgconfig(glib-2.0) >= 2.22
 BuildRequires:  pkgconfig(gobject-2.0)
@@ -162,12 +171,6 @@ Provides:       thunderbird = %{version}
 Obsoletes:      MozillaThunderbird-devel < %{version}
 Provides:       appdata()
 Provides:       appdata(thunderbird.appdata.xml)
 %if %{with mozilla_tb_kde4}
 # this is needed to match this package with the kde4 helper package without the main package
 # having a hard requirement on the kde4 package
 %define kde_helper_version 6
 Provides:       mozilla-kde4-version = %{kde_helper_version}
 %endif
 Summary:        An integrated email, news feeds, chat, and newsgroups client
 License:        MPL-2.0
 Group:          Productivity/Networking/Email/Clients
@@ -184,39 +187,25 @@ Source7:        l10n-%{orig_version}%{orig_suffix}.tar.xz
 %endif
 Source9:        thunderbird.appdata.xml
 Source13:       spellcheck.js
-Source14:       https://github.com/openSUSE/firefox-scripts/raw/c3f287d/create-tar.sh
+Source14:       https://github.com/openSUSE/firefox-scripts/raw/913fab1a196e2a0623b5c554598bfde3b4b49e29/create-tar.sh
 Source20:       https://ftp.mozilla.org/pub/%{srcname}/releases/%{version}%{orig_suffix}/source/%{srcname}-%{orig_version}%{orig_suffix}.source.tar.xz.asc
 Source21:       https://ftp.mozilla.org/pub/%{srcname}/releases/%{version}%{orig_suffix}/KEY#/mozilla.keyring
 # Gecko/Toolkit
 Patch1:         mozilla-nongnome-proxies.patch
 %if %{with mozilla_tb_kde4}
 Patch2:         mozilla-kde.patch
 %endif
 Patch3:         mozilla-ntlm-full-path.patch
 Patch4:         mozilla-aarch64-startup-crash.patch
-Patch5:         mozilla-fix-aarch64-libopus.patch
+Patch5:         mozilla-bmo531915.patch
 Patch6:         mozilla-s390-context.patch
 Patch7:         mozilla-pgo.patch
 Patch8:         mozilla-reduce-rust-debuginfo.patch
-Patch9:         mozilla-bmo1504834-part1.patch
+Patch10:        mozilla-bmo1504834-part1.patch
-Patch10:        mozilla-bmo1504834-part3.patch
+Patch14:        mozilla-bmo849632.patch
-Patch11:        mozilla-bmo1512162.patch
+Patch15:        mozilla-bmo998749.patch
-Patch12:        mozilla-fix-top-level-asm.patch
+Patch17:        mozilla-libavcodec58_91.patch
-Patch13:        mozilla-bmo849632.patch
+Patch18:        mozilla-silence-no-return-type.patch
-Patch14:        mozilla-bmo998749.patch
+Patch20:        one_swizzle_to_rule_them_all.patch
-Patch15:        mozilla-libavcodec58_91.patch
+Patch21:        svg-rendering.patch
-Patch16:        mozilla-silence-no-return-type.patch
+Patch22:        thunderbird-silence-no-return.patch
 Patch17:        mozilla-bmo531915.patch
 Patch18:        one_swizzle_to_rule_them_all.patch
 Patch19:        svg-rendering.patch
 Patch20:        mozilla-partial-revert-1768632.patch
 Patch21:        mozilla-bmo1775202.patch
 Patch22:        mozilla-rust-disable-future-incompat.patch
 Patch23:        thunderbird-fix-CVE-2024-34703.patch
 %if 0%{?product_libs_llvm_ver} > 17
 # LLVM18 breaks building Firefox ESR:
 Patch30:        mozilla-fix-issues-with-llvm18.patch
 %endif
 %endif
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 PreReq:         /bin/sh
@@ -230,6 +219,12 @@ PreReq:         textutils
 Recommends:     libcanberra0
 Recommends:     libotr5
 Recommends:     libpulse0
 # To make security-keys (e.g. Yubikey) work with TB, it needs the udev-rules installed.
 # A clean package with the most common rules exists only in SP3 onwards. `u2f-hosts` could be used on older
 # code streams, but it contains more than just the rules, so we're not recommending it here.
 %if 0%{?suse_version} >= 1600 || 0%{?sle_version} >= 150300
 Recommends:     libfido2-udev
 %endif
 Requires:       %{name}-openpgp
 Suggests:       %{name}-openpgp-librnp
 Requires(post): desktop-file-utils
@@ -305,14 +300,6 @@ DATE="\"$(date -d "${modified}" "+%%b %%e %%Y")\""
 TIME="\"$(date -d "${modified}" "+%%R")\""
 find . -regex ".*\.c\|.*\.cpp\|.*\.h" -exec sed -i "s/__DATE__/${DATE}/g;s/__TIME__/${TIME}/g" {} +
 %if %{with mozilla_tb_kde4}
 kdehelperversion=$(cat toolkit/xre/nsKDEUtils.cpp | grep '#define KMOZILLAHELPER_VERSION' | cut -d ' ' -f 3)
 if test "$kdehelperversion" != %{kde_helper_version}; then
  echo fix kde helper version in the .spec file
  exit 1
 fi
 %endif
 # When doing only_print_mozconfig, this file isn't necessarily available, so skip it
 cp %{SOURCE4} .obsenv.sh
 %else
@@ -322,7 +309,7 @@ echo "" > .obsenv.sh
 cat >> .obsenv.sh <<EOF
 export CARGO_HOME=${RPM_BUILD_DIR}/%{srcname}-%{orig_version}/.cargo
-export MOZ_SOURCE_CHANGESET=\$RELEASE_TAG
+#export MOZ_SOURCE_CHANGESET=\$RELEASE_TAG
 export SOURCE_REPO=\$RELEASE_REPO
 export source_repo=\$RELEASE_REPO
 export MOZ_SOURCE_REPO=\$RELEASE_REPO
@@ -332,35 +319,20 @@ export BUILD_OFFICIAL=1
 export MOZ_TELEMETRY_REPORTING=1
 export MACH_BUILD_PYTHON_NATIVE_PACKAGE_SOURCE=system
 export CFLAGS="%{optflags}"
 %if 0%{?suse_version} >= 1699
 export CC=gcc-13
 export CXX=g++-13
 %else
 %if 0%{?suse_version} < 1550 && 0%{?sle_version} <= 150600
 export CC=gcc-13
 export CXX=g++-13
 %else
 %if 0%{?clang_build} == 0
-export CC=gcc
+export CC=gcc-14
-export CXX=g++
+export CXX=g++-14
 %if 0%{?gcc_version:%{gcc_version}} >= 12
 export CFLAGS="\$CFLAGS -fimplicit-constexpr"
 %endif
 %endif
 %endif
 %endif
 %ifarch %arm %ix86
 ### NOTE: these sections are not required anymore. Alson --no-keep-memory + -Wl,-z,pack-relative-relocs causes
 ### ld to go OOM (https://sourceware.org/bugzilla/show_bug.cgi?id=30756)
 # Limit RAM usage during link
-export LDFLAGS="\$LDFLAGS -Wl,--no-keep-memory -Wl,--reduce-memory-overheads"
+# export LDFLAGS="\$LDFLAGS -Wl,--no-keep-memory -Wl,--reduce-memory-overheads -Wl,--no-map-whole-files -Wl,--hash-size=31"
 #
 # A lie to prevent -Wl,--gc-sections being set which requires more memory than 32bit can offer
-export GC_SECTIONS_BREAKS_DEBUG_RANGES=yes
+#export GC_SECTIONS_BREAKS_DEBUG_RANGES=yes
 %endif
 export LDFLAGS="\$LDFLAGS -fPIC -Wl,-z,relro,-z,now"
 %ifarch ppc64 ppc64le
 %if 0%{?clang_build} == 0
 #export CFLAGS="\$CFLAGS -mminimal-toc"
 %endif
 %endif
 %ifarch %ix86
 # Not enough memory on 32-bit systems, reduce debug info.
 export CFLAGS="\$CFLAGS -g1"
@@ -379,8 +351,8 @@ source ./.obsenv.sh
 cat << EOF > $MOZCONFIG
 mk_add_options MOZILLA_OFFICIAL=1
 mk_add_options BUILD_OFFICIAL=1
-mk_add_options MOZ_MAKE_FLAGS=%{?jobs:-j%jobs}
+mk_add_options MOZ_MAKE_FLAGS=%{?_smp_mflags}
-mk_add_options MOZ_OBJDIR=$RPM_BUILD_DIR/obj
+mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/../obj
 ac_add_options --disable-bootstrap
 ac_add_options --prefix=%{_prefix}
 ac_add_options --libdir=%{_libdir}
@@ -399,12 +371,6 @@ ac_add_options --disable-debug-symbols
 ac_add_options --enable-debug-symbols=-g1
 %endif
 ac_add_options --disable-install-strip
 # building with elf-hack started to fail everywhere with FF73
 #%%if 0%%{?suse_version} > 1549
 %ifarch %arm %ix86 x86_64
 ac_add_options --disable-elf-hack
 %endif
 #%%endif
 ac_add_options --with-system-nspr
 ac_add_options --with-system-nss
 %if 0%{useccache} != 0
@@ -418,7 +384,7 @@ ac_add_options --disable-updater
 ac_add_options --disable-tests
 ac_add_options --enable-alsa
 ac_add_options --disable-debug
-ac_add_options --disable-necko-wifi
+#ac_add_options --disable-necko-wifi
 ac_add_options --enable-update-channel=%{update_channel}
 ac_add_options --with-unsigned-addon-scopes=app
 ac_add_options --allow-addon-sideload
@@ -447,7 +413,7 @@ ac_add_options --enable-optimize="-O1"
 %ifarch x86_64
 # LTO needs newer toolchain stack only (at least GCC 8.2.1 (r268506)
 %if 0%{?suse_version} > 1500
-#ac_add_options --enable-lto
+ac_add_options --enable-lto
 %if 0%{?do_profiling}
 ac_add_options MOZ_PGO=1
 %endif
@@ -474,6 +440,9 @@ xvfb-run --server-args="-screen 0 1920x1080x24" \
 # build additional locales
 %if %localize
 # Work around the following Exception: Cannot use MACH_BUILD_PYTHON_NATIVE_PACKAGE_SOURCE="system" for any sites other than ('mach', 'build', 'common'). The current attempted site is "tb_common".
 # by unsetting MACH_BUILD_PYTHON_NATIVE_PACKAGE_SOURCE, which we don't need for l10n-packages
 unset MACH_BUILD_PYTHON_NATIVE_PACKAGE_SOURCE
 truncate -s 0 %{_tmppath}/translations.{common,other}
 # langpack-build can not be done in parallel easily (see https://bugzilla.mozilla.org/show_bug.cgi?id=1660943)
 # Therefore, we have to have a separate obj-dir for each language
@@ -493,11 +462,10 @@ ac_add_options --without-wasm-sandboxed-libraries
 ac_add_options --enable-official-branding
 EOF
-%ifarch %ix86
+#%%define njobs 0%{?jobs:%%jobs}
 # Weird race condition when building langpacks which comes and goes in OBS/IBS is hitting heavy with TB 128
 # so we have to build it sequentially, sadly.
 %define njobs 1
 %else
 %define njobs 0%{?jobs:%jobs}
 %endif
 mkdir -p $RPM_BUILD_DIR/langpacks_artifacts/
 sed -r '/^(ja-JP-mac|ga-IE|en-US|)$/d;s/ .*$//' $RPM_BUILD_DIR/%{source_prefix}/comm/mail/locales/shipped-locales \
@@ -566,9 +534,13 @@ mkdir -p %{buildroot}%{_datadir}/applications
 install -m 644 %{SOURCE1} \
               %{buildroot}%{_datadir}/applications/%{desktop_file_name}.desktop
 %suse_update_desktop_file %{desktop_file_name} Network Email GTK
 # additional mime-types
 #mkdir -p %{buildroot}%{_datadir}/mime/packages
 # cp %{SOURCE8} %{buildroot}%{_datadir}/mime/packages/%{progname}.xml
 # appdata
 mkdir -p %{buildroot}%{_datadir}/appdata
-cp %{SOURCE9} %{buildroot}%{_datadir}/appdata/%{desktop_file_name}.appdata.xml
+sed -e 's,thunderbird.desktop,%{desktop_file_name}.desktop,g' \
   %{SOURCE9} > %{buildroot}%{_datadir}/appdata/%{desktop_file_name}.appdata.xml
 # apply SUSE defaults
 sed -e 's,RPM_VERSION,%{mainversion},g
 s,GSSAPI,%{libgssapi},g' \
@@ -598,6 +570,7 @@ rm -f %{buildroot}%{progdir}/updater.ini
 rm -f %{buildroot}%{progdir}/update.locale
 rm -f %{buildroot}%{progdir}/dictionaries/en-US*
 rm -f %{buildroot}%{progdir}/nspr-config
 rm -f %{buildroot}%{progdir}/interesting_serverknobs.json
 # Some sites use different partitions for /usr/(lib|lib64) and /usr/share.  Since you
 # can't create hardlinks across partitions, we'll do this more than once.
 %fdupes %{buildroot}%{progdir}
@@ -626,23 +599,19 @@ exit 0
 %{progdir}/*.so
 %exclude %{progdir}/librnp.so
 %{progdir}/glxtest
 %if 0%{wayland_supported}
 %{progdir}/vaapitest
 %endif
 %{progdir}/omni.ja
 %{progdir}/fonts/
 %{progdir}/pingsender
 %{progdir}/platform.ini
 %{progdir}/plugin-container
 %{progdir}/rnp-cli
 %{progdir}/rnpkeys
 %{progdir}/thunderbird-bin
 # crashreporter files
 %if %crashreporter
 %{progdir}/crashhelper
 %{progdir}/crashreporter
-%{progdir}/crashreporter.ini
+#%%{progdir}/minidump-analyzer
 %{progdir}/Throbber-small.gif
 %{progdir}/minidump-analyzer
 %endif
 %dir %{progdir}/chrome/
 %{progdir}/chrome/icons/
--- a/20
+++ b/20
@@ -47,6 +47,16 @@
      </memoryperjob>
    </hardware>
  </overwrite>
  <overwrite>
    <conditions>
      <arch>s390x</arch>
    </conditions>
    <hardware>
      <memory>
        <size unit="G">17</size>
      </memory>
    </hardware>
  </overwrite>
  <overwrite>
    <conditions>
      <arch>x86_64</arch>
@@ -57,4 +67,14 @@
      </memory>
    </hardware>
  </overwrite>
  <overwrite>
    <conditions>
      <arch>riscv64</arch>
    </conditions>
    <hardware>
      <memory>
        <size unit="G">28</size>
      </memory>
    </hardware>
  </overwrite>
 </constraints>
--- a/create-tar.sh
+++ b/create-tar.sh
@@ -84,6 +84,7 @@ function set_internal_variables() {
  FTP_URL="https://ftp.mozilla.org/pub/$PRODUCT/releases/$VERSION$VERSION_SUFFIX/source"
  FTP_CANDIDATES_BASE_URL="https://ftp.mozilla.org/pub/%s/candidates"
  LOCALES_URL="https://product-details.mozilla.org/1.0/l10n"
  FF_L10N_MONOREPO="https://github.com/mozilla-l10n/firefox-l10n"
  PRODUCT_URL="https://product-details.mozilla.org/1.0"
  ALREADY_EXTRACTED_LOCALES_FILE=0
 }
@@ -137,7 +138,7 @@ function get_source_stamp() {
  local BUILD_JSON=$(curl --silent --fail "$FTP_CANDIDATES_BASE_URL/$FTP_CANDIDATES_JSON_SUFFIX") || return 1;
  local REV=$(echo "$BUILD_JSON" | jq .moz_source_stamp)
  local SOURCE_REPO=$(echo "$BUILD_JSON" | jq .moz_source_repo)
-  local TIMESTAMP=$(echo "$BUILD_JSON" | jq .buildid)
+  TIMESTAMP=$(echo "$BUILD_JSON" | jq .buildid)
  echo "Extending $TAR_STAMP with:"
  echo "RELEASE_REPO=${SOURCE_REPO}"
  echo "RELEASE_TAG=${REV}"
@@ -428,7 +429,7 @@ function clone_and_repackage_sources() {
  # get repo and source stamp
  local REV=$(hg -R . parent --template="{node|short}\n")
  local SOURCE_REPO=$(hg showconfig paths.default 2>/dev/null | head -n1 | sed -e "s/^ssh:/https:/")
-  local TIMESTAMP=$(date +%Y%m%d%H%M%S)
+  TIMESTAMP=$(date +%Y%m%d%H%M%S)
  if [ "$PRODUCT" = "thunderbird" ]; then
    pushd comm || exit 1
@@ -500,10 +501,6 @@ function clone_and_repackage_locales() {
    FF_L10N_BASE="l10n_ff"
  fi
  test ! -d $FF_L10N_BASE && mkdir $FF_L10N_BASE
  # No-op, if we are building FF:
  test ! -d $FINAL_L10N_BASE && mkdir $FINAL_L10N_BASE
  # This is only relevant for Thunderbird-builds
  # Here, the relevant directories we need to copy from FF and from TB
  # are specified in a python-file in the tarball
@@ -512,33 +509,42 @@ function clone_and_repackage_locales() {
  tb_locale_template=$(get_locales_directories "COMM_STRINGS_PATTERNS")
  echo "Fetching Browser locales..."
-  jq -r 'to_entries[]| "\(.key) \(.value|.revision)"' "$FF_LOCALE_FILE" | \
+  if [ -d "$FF_L10N_BASE/.git" ]; then
-    while read -r locale changeset ; do
+    pushd "$FF_L10N_BASE/" || exit 1
-      case $locale in
+    git fetch -a || exit 1
-        ja-JP-mac|en-US)
+    popd || exit 1
-          ;;
+  else
-        *)
+    git clone "$FF_L10N_MONOREPO" "$FF_L10N_BASE" || exit 1
-          echo "reading changeset information for $locale"
+  fi
-          echo "fetching $locale changeset $changeset ..."
+  # Currently all locales show the same changeset-hash, as they moved to a monorepo. We just take the first one.
-          if [ -d "$FF_L10N_BASE/$locale/.hg" ]; then
+  changeset=$(jq -r 'to_entries[0]| "\(.key) \(.value|.revision)"' "$FF_LOCALE_FILE" | cut -d " " -f 2)
-            pushd "$FF_L10N_BASE/$locale" || exit 1
+  [ "$RELEASE_TAG" == "default" ] || git -C "$FF_L10N_BASE/" switch --detach "$changeset" || exit 1
            hg pull || exit 1
            popd || exit 1
          else
            hg clone "https://hg.mozilla.org/l10n-central/$locale" "$FF_L10N_BASE/$locale" || exit 1
          fi
          [ "$RELEASE_TAG" == "default" ] || hg -R "$FF_L10N_BASE/$locale" up -C -r "$changeset" || exit 1
-          # If we are doing TB, we have to merge both l10n-repos
+  # No-op, if we are building FF:
-          if [ "$PRODUCT" = "thunderbird" ] && test -d "$TB_L10N_BASE/$locale/" ; then
+  test ! -d $FINAL_L10N_BASE && mkdir $FINAL_L10N_BASE
  # If we are doing TB, we have to merge both l10n-repos
  if [ "$PRODUCT" = "thunderbird" ] && test -d "$TB_L10N_BASE/$locale/" ; then
    jq -r 'to_entries[]| "\(.key) \(.value|.revision)"' "$FF_LOCALE_FILE" | \
      while read -r locale changeset ; do
        case $locale in
          ja-JP-mac|en-US)
            ;;
          *)
            create_and_copy_locales "$locale" "$FF_L10N_BASE" "$ff_locale_template" "$FINAL_L10N_BASE"
            create_and_copy_locales "$locale" "$TB_L10N_BASE" "$tb_locale_template" "$FINAL_L10N_BASE"
-          fi
+            ;;
-          ;;
+        esac
-      esac
+      done
-    done
+  fi
  echo "creating l10n archive..."
  local TAR_FLAGS="--exclude-vcs"
  # For reproducable tarballs
  # Convert TIMESTAMP to ISO-format, so tar can understand it, then set mtime to it
  local MTIME=$(python3 -c "from datetime import datetime; print(datetime.strptime(${TIMESTAMP}, '%Y%m%d%H%M%S').isoformat())")
  TAR_FLAGS="$TAR_FLAGS --sort=name --format=posix --pax-option=delete=atime,delete=ctime,exthdr.name=%d/PaxHeaders/%f --numeric-owner --owner=0 --group=0 --mode=go+u,go-w --clamp-mtime --mtime=$MTIME"
  if [ "$PRODUCT" = "thunderbird" ]; then
    TAR_FLAGS="$TAR_FLAGS --exclude=suite"
  fi
--- a/l10n-115.15.0.tar.xz
+++ b/l10n-115.15.0.tar.xz
@@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:14f891ecacb5296f675dad6075e512089902824b28928c20ea3a2998797db58b
 size 30459468
--- a/l10n-140.1.1esr.tar.xz
+++ b/l10n-140.1.1esr.tar.xz
@@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:3d1d482a383d9349a05e261282be243872f2097edb5d45b235651e6180ce65e2
 size 33282056
--- a/mozilla-bmo1504834-part1.patch
+++ b/mozilla-bmo1504834-part1.patch
@@ -2,9 +2,10 @@
 # Parent  9fcbd287056a40084b1e679f787bf683b291f323
 Taken from https://bugzilla.mozilla.org/show_bug.cgi?id=1504834
-diff --git a/gfx/2d/DrawTargetSkia.cpp b/gfx/2d/DrawTargetSkia.cpp
+Index: firefox-128.0/gfx/2d/DrawTargetSkia.cpp
--- a/gfx/2d/DrawTargetSkia.cpp
+===================================================================
-+++ b/gfx/2d/DrawTargetSkia.cpp
+--- firefox-128.0.orig/gfx/2d/DrawTargetSkia.cpp
 +++ firefox-128.0/gfx/2d/DrawTargetSkia.cpp
@@ -156,7 +156,8 @@ static IntRect CalculateSurfaceBounds(co
 }
@@ -15,9 +16,10 @@ diff --git a/gfx/2d/DrawTargetSkia.cpp b/gfx/2d/DrawTargetSkia.cpp
 static bool VerifyRGBXFormat(uint8_t* aData, const IntSize& aSize,
                              const int32_t aStride, SurfaceFormat aFormat) {
-diff --git a/gfx/2d/Types.h b/gfx/2d/Types.h
+Index: firefox-128.0/gfx/2d/Types.h
--- a/gfx/2d/Types.h
+===================================================================
-+++ b/gfx/2d/Types.h
+--- firefox-128.0.orig/gfx/2d/Types.h
 +++ firefox-128.0/gfx/2d/Types.h
@@ -89,18 +89,11 @@ enum class SurfaceFormat : int8_t {
   // This represents the unknown format.
   UNKNOWN,  // TODO: Replace uses with Maybe<SurfaceFormat>.
@@ -40,10 +42,11 @@ diff --git a/gfx/2d/Types.h b/gfx/2d/Types.h
   // The following values are OS and endian-independent synonyms.
   //
-diff --git a/gfx/skia/skia/modules/skcms/skcms.cc b/gfx/skia/skia/modules/skcms/skcms.cc
+Index: firefox-128.0/gfx/skia/skia/modules/skcms/skcms.cc
--- a/gfx/skia/skia/modules/skcms/skcms.cc
+===================================================================
-+++ b/gfx/skia/skia/modules/skcms/skcms.cc
+--- firefox-128.0.orig/gfx/skia/skia/modules/skcms/skcms.cc
-@@ -30,6 +30,8 @@
+++ firefox-128.0/gfx/skia/skia/modules/skcms/skcms.cc
@@ -31,6 +31,8 @@
         #include <avx512fintrin.h>
         #include <avx512dqintrin.h>
     #endif
@@ -51,7 +54,7 @@ diff --git a/gfx/skia/skia/modules/skcms/skcms.cc b/gfx/skia/skia/modules/skcms/
 +    #define SKCMS_PORTABLE
 #endif
- static bool runtime_cpu_detection = true;
+ using namespace skcms_private;
@@ -324,20 +326,28 @@ enum {
 static uint16_t read_big_u16(const uint8_t* ptr) {
     uint16_t be;
--- a/mozilla-bmo1504834-part3.patch
+++ b/mozilla-bmo1504834-part3.patch
@@ -1,17 +0,0 @@
 # HG changeset patch
 # Parent  09cd4ac2cc607e85aa572425b824fbab386af607
 For FF68, AntiAliasing of XULTexts seem to be broken on big endian (s390x). Text and icons of the sandwich-menu to the
 right of the address bar, as well as plugin-windows appears transparant, which usually means unreadable (white on white).
 diff --git a/gfx/skia/skia/src/opts/SkBlitMask_opts.h b/gfx/skia/skia/src/opts/SkBlitMask_opts.h
 --- a/gfx/skia/skia/src/opts/SkBlitMask_opts.h
 +++ b/gfx/skia/skia/src/opts/SkBlitMask_opts.h
@@ -210,6 +210,8 @@ namespace SK_OPTS_NS {
             //   ~~~>
             // a = 1*aa + d(1-1*aa) = aa + d(1-aa)
             // c = 0*aa + d(1-1*aa) =      d(1-aa)
 +            // TODO: Check this for endian-issues!
 +            //       Do we need to switch 255 to the front for all of those tuples?
             return (aa & Sk4px(skvx::byte16{0,0,0,255, 0,0,0,255, 0,0,0,255, 0,0,0,255}))
                  + d.approxMulDiv255(aa.inv());
         };
--- a/mozilla-bmo1512162.patch
+++ b/mozilla-bmo1512162.patch
@@ -1,35 +0,0 @@
 # HG changeset patch
 # Parent  f9f5af4c88f2f3172a4f30d7e42bd2131bf24146
 This fixes a broken build for gcc < 9 on ppc64le.
 This patch can be removed for newer gcc-versions.
 Index: firefox-115.0/js/xpconnect/src/XPCWrappedNative.cpp
 ===================================================================
 --- firefox-115.0.orig/js/xpconnect/src/XPCWrappedNative.cpp
 +++ firefox-115.0/js/xpconnect/src/XPCWrappedNative.cpp
@@ -1061,7 +1061,11 @@ class MOZ_STACK_CLASS CallMethodHelper f
   MOZ_ALWAYS_INLINE bool GetOutParamSource(uint8_t paramIndex,
                                            MutableHandleValue srcp) const;
 -  MOZ_ALWAYS_INLINE bool GatherAndConvertResults();
 +#if !(__GNUC__ && __linux__ && __PPC64__ && _LITTLE_ENDIAN)
 +// Work around a compiler bug on ppc64le (bug 1512162).
 +  MOZ_ALWAYS_INLINE
 +#endif
 +  bool GatherAndConvertResults();
   MOZ_ALWAYS_INLINE bool QueryInterfaceFastPath();
@@ -1108,7 +1112,11 @@ class MOZ_STACK_CLASS CallMethodHelper f
   ~CallMethodHelper();
 -  MOZ_ALWAYS_INLINE bool Call();
 +#if !(__GNUC__ && __linux__ && __PPC64__ && _LITTLE_ENDIAN)
 +// Work around a compiler bug on ppc64le (bug 1512162).
 +  MOZ_ALWAYS_INLINE
 +#endif
 +  bool Call();
   // Trace implementation so we can put our CallMethodHelper in a Rooted<T>.
   void trace(JSTracer* aTrc);
--- a/mozilla-bmo1775202.patch
+++ b/mozilla-bmo1775202.patch
@@ -1,26 +0,0 @@
 From: Mike Hommey <mh@glandium.org>
 Date: Sun, 14 Aug 2022 07:01:33 +0900
 Subject: Work around bz#1775202 to fix FTBFS on ppc64el
 ---
 third_party/libwebrtc/moz.build | 7 +++++++
 1 file changed, 7 insertions(+)
 diff --git a/third_party/libwebrtc/moz.build b/third_party/libwebrtc/moz.build
 index 976cf373..311519c 100644
 --- a/third_party/libwebrtc/moz.build
 +++ b/third_party/libwebrtc/moz.build
@@ -566,6 +566,13 @@ if CONFIG["CPU_ARCH"] == "arm" and CONFIG["OS_TARGET"] == "Linux":
         "/third_party/libwebrtc/third_party/pipewire/pipewire_gn"
     ]
 +if CONFIG["CPU_ARCH"] == "ppc64" and CONFIG["OS_TARGET"] == "Linux":
 +
 +    DIRS += [
 +        "/third_party/libwebrtc/modules/desktop_capture/desktop_capture_gn",
 +        "/third_party/libwebrtc/modules/desktop_capture/primitives_gn",
 +    ]
 +
 if CONFIG["CPU_ARCH"] == "x86" and CONFIG["OS_TARGET"] == "Linux":
     DIRS += [
--- a/mozilla-fix-aarch64-libopus.patch
+++ b/mozilla-fix-aarch64-libopus.patch
@@ -1,15 +0,0 @@
 # HG changeset patch
 # Parent  af2c24874d79cbebb444727ae96f2fefa3f22b47
 diff --git a/media/libopus/silk/arm/arm_silk_map.c b/media/libopus/silk/arm/arm_silk_map.c
 --- a/media/libopus/silk/arm/arm_silk_map.c
 +++ b/media/libopus/silk/arm/arm_silk_map.c
@@ -28,7 +28,7 @@ POSSIBILITY OF SUCH DAMAGE.
 # include "config.h"
 #endif
 -#include "main_FIX.h"
 +#include "../fixed/main_FIX.h"
 #include "NSQ.h"
 #include "SigProc_FIX.h"
--- a/mozilla-fix-issues-with-llvm18.patch
+++ b/mozilla-fix-issues-with-llvm18.patch
@@ -1,94 +0,0 @@
 Adapt the shipped rust-bindgen copy for LLVM-18 and later,
 and tell cargo we've modified the code of rust-bindgen so
 the checksum verification of this crate should be skipped
 diff -rup a/Cargo.lock b/Cargo.lock
 --- a/Cargo.lock        2024-03-14 06:21:23.000000000 +0100
 +++ b/Cargo.lock        2024-03-20 13:15:35.146224179 +0100
@@ -414,8 +414,8 @@ dependencies = [
 [[package]]
 name = "bindgen"
 version = "0.64.0"
 -source = "registry+https://github.com/rust-lang/crates.io-index"
 -checksum = "c4243e6031260db77ede97ad86c27e501d646a27ab57b59a574f725d98ab1fb4"
 +#source = "registry+https://github.com/rust-lang/crates.io-index"
 +#checksum = "c4243e6031260db77ede97ad86c27e501d646a27ab57b59a574f725d98ab1fb4"
 dependencies = [
  "bitflags 1.3.2",
  "cexpr",
 diff -rup a/Cargo.toml b/Cargo.toml
 --- a/Cargo.toml        2024-03-20 13:09:16.152828408 +0100
 +++ b/Cargo.toml        2024-03-20 13:14:09.072867031 +0100
@@ -193,3 +193,8 @@ weedle2 = "=4.0.0"
 # Shut up such messages for now to make the build succeed
 [future-incompat-report]
 frequency = "never"
 +
 +[patch.crates-io.bindgen_0_64_0]
 +package = "bindgen"
 +version = "0.64.0"
 +path = "third_party/rust/bindgen"
 diff -rup a/third_party/rust/bindgen/ir/item.rs b/third_party/rust/bindgen/ir/item.rs
 --- a/third_party/rust/bindgen/ir/item.rs        2024-03-14 06:21:40.000000000 +0100
 +++ b/third_party/rust/bindgen/ir/item.rs        2024-03-20 13:11:32.062844514 +0100
@@ -1434,6 +1434,7 @@ impl Item {
             // We allowlist cursors here known to be unhandled, to prevent being
             // too noisy about this.
             match cursor.kind() {
 +                CXCursor_LinkageSpec => return Err(ParseError::Recurse),
                 CXCursor_MacroDefinition |
                 CXCursor_MacroExpansion |
                 CXCursor_UsingDeclaration |
 Adapt the WebRTC code to use 64-bit timestamp to fix a build
 failure with Clang-18 and later
 diff -rup a/dom/media/gmp-plugin-openh264/gmp-fake-openh264.cpp b/dom/media/gmp-plugin-openh264/gmp-fake-openh264.cpp
 --- a/dom/media/gmp-plugin-openh264/gmp-fake-openh264.cpp        2024-03-14 06:21:25.000000000 +0100
 +++ b/dom/media/gmp-plugin-openh264/gmp-fake-openh264.cpp        2024-03-20 13:17:20.839584778 +0100
@@ -99,7 +99,7 @@ struct EncodedFrame {
     uint8_t y_;
     uint8_t u_;
     uint8_t v_;
 -    uint32_t timestamp_;
 +    uint64_t timestamp_;
   } idr_nalu;
 };
 #pragma pack(pop)
 diff -rup a/dom/media/gtest/TestGMPRemoveAndDelete.cpp b/dom/media/gtest/TestGMPRemoveAndDelete.cpp
 --- a/dom/media/gtest/TestGMPRemoveAndDelete.cpp        2024-03-14 06:21:25.000000000 +0100
 +++ b/dom/media/gtest/TestGMPRemoveAndDelete.cpp        2024-03-20 13:17:20.839584778 +0100
@@ -361,7 +361,7 @@ void GMPRemoveTest::gmp_Decode() {
       uint8_t y_;
       uint8_t u_;
       uint8_t v_;
 -      uint32_t timestamp_;
 +      uint64_t timestamp_;
     } idr_nalu;
   };
 #pragma pack(pop)
 diff -rup a/dom/media/webrtc/libwebrtcglue/WebrtcGmpVideoCodec.cpp b/dom/media/webrtc/libwebrtcglue/WebrtcGmpVideoCodec.cpp
 --- a/dom/media/webrtc/libwebrtcglue/WebrtcGmpVideoCodec.cpp        2024-03-14 06:21:24.000000000 +0100
 +++ b/dom/media/webrtc/libwebrtcglue/WebrtcGmpVideoCodec.cpp        2024-03-20 13:17:20.842918112 +0100
@@ -540,7 +540,7 @@ void WebrtcGmpVideoEncoder::Encoded(
   webrtc::VideoFrameType ft;
   GmpFrameTypeToWebrtcFrameType(aEncodedFrame->FrameType(), &ft);
 -  uint32_t timestamp = (aEncodedFrame->TimeStamp() * 90ll + 999) / 1000;
 +  uint64_t timestamp = (aEncodedFrame->TimeStamp() * 90ll + 999) / 1000;
   GMP_LOG_DEBUG("GMP Encoded: %" PRIu64 ", type %d, len %d",
                 aEncodedFrame->TimeStamp(), aEncodedFrame->BufferType(),
 diff -rup a/dom/media/webrtc/libwebrtcglue/WebrtcGmpVideoCodec.h b/dom/media/webrtc/libwebrtcglue/WebrtcGmpVideoCodec.h
 --- a/dom/media/webrtc/libwebrtcglue/WebrtcGmpVideoCodec.h        2024-03-14 06:21:24.000000000 +0100
 +++ b/dom/media/webrtc/libwebrtcglue/WebrtcGmpVideoCodec.h        2024-03-20 13:17:32.442921055 +0100
@@ -302,7 +302,7 @@ class WebrtcGmpVideoEncoder : public GMP
     int64_t timestamp_us;
   };
   // Map rtp time -> input image data
 -  DataMutex<std::map<uint32_t, InputImageData>> mInputImageMap;
 +  DataMutex<std::map<uint64_t, InputImageData>> mInputImageMap;
   MediaEventProducer<uint64_t> mInitPluginEvent;
   MediaEventProducer<uint64_t> mReleasePluginEvent;
--- a/mozilla-fix-top-level-asm.patch
+++ b/mozilla-fix-top-level-asm.patch
@@ -1,66 +0,0 @@
 From 91bb79836ee274855393bdf6ab10e24899b1b349 Mon Sep 17 00:00:00 2001
 From: Martin Liska <mliska@suse.cz>
 Date: Fri, 17 May 2019 14:41:35 +0200
 Subject: [PATCH] Fix top-level asm issue.
 ---
 security/sandbox/linux/moz.build | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
 diff --git a/security/sandbox/linux/moz.build b/security/sandbox/linux/moz.build
 --- a/security/sandbox/linux/moz.build
 +++ b/security/sandbox/linux/moz.build
@@ -66,32 +66,32 @@ UNIFIED_SOURCES += [
     "../chromium/base/time/time_now_posix.cc",
     "../chromium/sandbox/linux/bpf_dsl/bpf_dsl.cc",
     "../chromium/sandbox/linux/bpf_dsl/codegen.cc",
     "../chromium/sandbox/linux/bpf_dsl/dump_bpf.cc",
     "../chromium/sandbox/linux/bpf_dsl/policy.cc",
     "../chromium/sandbox/linux/bpf_dsl/policy_compiler.cc",
     "../chromium/sandbox/linux/bpf_dsl/syscall_set.cc",
     "../chromium/sandbox/linux/seccomp-bpf/die.cc",
 -    "../chromium/sandbox/linux/seccomp-bpf/syscall.cc",
     "broker/SandboxBrokerCommon.cpp",
     "Sandbox.cpp",
     "SandboxBrokerClient.cpp",
     "SandboxFilter.cpp",
     "SandboxFilterUtil.cpp",
     "SandboxHooks.cpp",
     "SandboxInfo.cpp",
     "SandboxLogging.cpp",
     "SandboxOpenedFiles.cpp",
     "SandboxReporterClient.cpp",
 ]
 SOURCES += [
     "../chromium/base/strings/safe_sprintf.cc",
     "../chromium/base/third_party/icu/icu_utf.cc",
 +    "../chromium/sandbox/linux/seccomp-bpf/syscall.cc",
     "../chromium/sandbox/linux/seccomp-bpf/trap.cc",
     "../chromium/sandbox/linux/services/syscall_wrappers.cc",
 ]
 # This copy of SafeSPrintf doesn't need to avoid the Chromium logging
 # dependency like the one in libxul does, but this way the behavior is
 # consistent.  See also the comment in SandboxLogging.h.
 SOURCES["../chromium/base/strings/safe_sprintf.cc"].flags += ["-DNDEBUG"]
@@ -105,16 +105,19 @@ if CONFIG["CC_TYPE"] in ("clang", "gcc")
         "-Wno-unreachable-code-return"
     ]
 if CONFIG["CC_TYPE"] in ("clang", "gcc"):
     CXXFLAGS += ["-Wno-error=stack-protector"]
     SOURCES["../chromium/sandbox/linux/services/syscall_wrappers.cc"].flags += [
         "-Wno-empty-body",
     ]
 +    SOURCES['../chromium/sandbox/linux/seccomp-bpf/syscall.cc'].flags += [
 +        '-fno-lto'
 +    ]
 # gcc lto likes to put the top level asm in syscall.cc in a different partition
 # from the function using it which breaks the build.  Work around that by
 # forcing there to be only one partition.
 for f in CONFIG["OS_CXXFLAGS"]:
     if f.startswith("-flto") and CONFIG["CC_TYPE"] != "clang":
         LDFLAGS += ["--param lto-partitions=1"]
--- a/mozilla-kde.patch
+++ b/mozilla-kde.patch
--- a/mozilla-libavcodec58_91.patch
+++ b/mozilla-libavcodec58_91.patch
@@ -1,16 +1,12 @@
 # HG changeset patch
 # Parent  60fc1933af9d4f1769025a6f1d9a60db6b899315
-diff --git a/dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp b/dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp
+Index: firefox-127.0/dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp
--- a/dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp
+===================================================================
-+++ b/dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp
+--- firefox-127.0.orig/dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp
-@@ -36,16 +36,18 @@ static const char* sLibs[] = {
+++ firefox-127.0/dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp
-   "libavcodec.54.dylib",
+@@ -49,6 +49,8 @@ static const char* sLibs[] = {
-   "libavcodec.53.dylib",
+   "libavcodec.so.61",
 #elif defined(XP_OPENBSD)
   "libavcodec.so", // OpenBSD hardly controls the major/minor library version
                    // of ffmpeg and update it regulary on ABI/API changes
 #else
   "libavcodec.so.60",
   "libavcodec.so.59",
 +  "libavcodec.so.58.134",
@@ -18,8 +14,3 @@ diff --git a/dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp b/dom/media/plat
   "libavcodec.so.58",
   "libavcodec-ffmpeg.so.58",
   "libavcodec-ffmpeg.so.57",
   "libavcodec-ffmpeg.so.56",
   "libavcodec.so.57",
   "libavcodec.so.56",
   "libavcodec.so.55",
   "libavcodec.so.54",
--- a/mozilla-ntlm-full-path.patch
+++ b/mozilla-ntlm-full-path.patch
@@ -1,18 +1,14 @@
 # HG changeset patch
 # User Petr Cerny <pcerny@novell.com>
 # Parent 7308e4a7c1f769f4bbbc90870b849cadd99495a6
 # Parent  1c6a565013e4c5f3494f964269783939cd5ed0b8
 Bug 634334 - call to the ntlm_auth helper fails
-diff --git a/extensions/auth/nsAuthSambaNTLM.cpp b/extensions/auth/nsAuthSambaNTLM.cpp
+diff -ru thunderbird-140.0.1.old/extensions/auth/nsAuthSambaNTLM.cpp thunderbird-140.0.1/extensions/auth/nsAuthSambaNTLM.cpp
--- a/extensions/auth/nsAuthSambaNTLM.cpp
+--- thunderbird-140.0.1.old/extensions/auth/nsAuthSambaNTLM.cpp	2025-07-09 19:15:12.000000000 -0500
-+++ b/extensions/auth/nsAuthSambaNTLM.cpp
+++ thunderbird-140.0.1/extensions/auth/nsAuthSambaNTLM.cpp	2025-07-14 23:33:57.065780950 -0500
-@@ -160,7 +160,7 @@ nsresult nsAuthSambaNTLM::SpawnNTLMAuthH
+@@ -153,7 +153,7 @@
-   const char* username = PR_GetEnv("USER");
+     options.fds_to_remap.push_back(
-   if (!username) return NS_ERROR_FAILURE;
+         std::pair{fromChildPipeWrite.get(), STDOUT_FILENO});
 -    std::vector<std::string> argvVec{"ntlm_auth",        "--helper-protocol",
 +    std::vector<std::string> argvVec{"/usr/bin/ntlm_auth", "--helper-protocol",
                                      "ntlmssp-client-1", "--use-cached-creds",
                                      "--username",       username};
 -  const char* const args[] = {"ntlm_auth",
 +  const char* const args[] = {"/usr/bin/ntlm_auth",
                               "--helper-protocol",
                               "ntlmssp-client-1",
                               "--use-cached-creds",
--- a/mozilla-partial-revert-1768632.patch
+++ b/mozilla-partial-revert-1768632.patch
@@ -1,13 +0,0 @@
 Index: firefox-102.4.0/mfbt/EnumSet.h
 ===================================================================
 --- firefox-102.4.0.orig/mfbt/EnumSet.h
 +++ firefox-102.4.0/mfbt/EnumSet.h
@@ -326,7 +326,7 @@ class EnumSet {
     }
   }
 -  static constexpr size_t kMaxBits = MaxBits();
 +  static constexpr size_t kMaxBits = EnumSet().MaxBits();
   Serialized mBitField;
--- a/mozilla-rust-disable-future-incompat.patch
+++ b/mozilla-rust-disable-future-incompat.patch
@@ -1,12 +0,0 @@
 diff -rup a/Cargo.toml b/Cargo.toml
 --- a/Cargo.toml	2023-07-04 15:15:01.089470619 +0200
 +++ b/Cargo.toml	2023-07-04 15:24:31.626226962 +0200
@@ -188,3 +188,8 @@ uniffi_bindgen = "=0.23.0"
 uniffi_build = "=0.23.0"
 uniffi_macros = "=0.23.0"
 weedle2 = "=4.0.0"
 +
 +# Package code v0.1.4 uses code "that will be rejected by a future version of Rust"
 +# Shut up such messages for now to make the build succeed
 +[future-incompat-report]
 +frequency = "never"
--- a/mozilla-silence-no-return-type.patch
+++ b/mozilla-silence-no-return-type.patch
--- a/mozilla.keyring
+++ b/mozilla.keyring
@@ -2,19 +2,20 @@ This file contains the public PGP key that is used to sign builds and
 artifacts of Mozilla projects (such as Firefox and Thunderbird).
 Please realize that this file itself or the public key servers may be
-compromised.  You are encouraged to validate the authenticity of these keys in
+compromised.  You are encouraged to validate the authenticity of these
-an out-of-band manner.
+keys in an out-of-band manner.
-Mozilla users: pgp < KEY
+gpg --show-keys < KEY
 pub   rsa4096 2015-07-17 [SC]
      14F26682D0916CDD81E37B6D61B7B526D98F0353
-uid           [  full  ] Mozilla Software Releases <release@mozilla.com>
+uid                      Mozilla Software Releases <release@mozilla.com>
 sub   rsa4096 2021-05-17 [S] [expired: 2023-05-17]
 sub   rsa4096 2015-07-17 [S] [expired: 2017-07-16]
 sub   rsa4096 2017-06-22 [S] [expired: 2019-06-22]
 sub   rsa4096 2019-05-30 [S] [expired: 2021-05-29]
 sub   rsa4096 2021-05-17 [S] [expired: 2023-05-17]
 sub   rsa4096 2023-05-05 [S] [expires: 2025-05-04]
 sub   rsa4096 2025-03-13 [S] [expires: 2027-03-13]
 -----BEGIN PGP PUBLIC KEY BLOCK-----
@@ -400,6 +401,41 @@ W81ABx4ASBktXAf1IweRbbxqW8OgMhG6xHTeiEjjav7SmlD0XVOxjhI+qBoNPovW
 lChqONxablBkuh0Jd6kdNiaSEM9cd60kK3GT/dBMyv0yVhhLci6HQZ+Mf4cbn0Kt
 ayzuQLOcdRCN3FF/JNQH3v6LA1MdRfmJlgC4UdiepBb1uCgtVIPizRuXWDjyjzeP
 ZRN/AqaUbEoNBHhIz0nKhQGDbst4ugIzJWIX+6UokwPC3jvJqQQttccjAy6kXBmx
-fxyRMB5BEeLY0+qVPyvOxpXEGnlSHYmdIS4=
+fxyRMB5BEeLY0+qVPyvOxpXEGnlSHYmdIS65Ag0EZ9KQfQEQAOVIyh0sZPPFLWxo
-=ZEQW
+FT0WhPzHw8BhgnCBNdZAh9+SM0Apq2VcQKSjBjKiterOTtc6EVh0K2ikbGKHQ1Sv
 wNdsYL01cSkJSJORig/1Du1eh+2nlo8nut7xT//V+2FQyWFCLDeQvLlAs3QHMrMY
 xTcwNk3qi/z1Z5Q4e6Re2aKRU00LtSomD6CKWy9nAaqTRNzzdndJwIyCyshX4bbU
 zAzE7Wbgh/E0/FgBGw87LYITqyU6US4lvoUXB+89XxwMxO9I74L118gXEyybz+JN
 0/w87hXAKnaKjasSvobKE4mau8SXqmOO66MxiMaF4Xsmr3oIwo8q9W5d+hA+t225
 ipq2rZZErmPL44deMCeKmepjLTa9CoxX2oVpDWGOYFRyJRkLDyyH4O3gCo/5qv4r
 OTJqPFfKPtrjWFJKGf4P4UD0GSBX2Q+mOf2XHWsMJE4t8T7jxQCSAQUMwt6M18h1
 auIqcfkuNvdJhcl2GvJyCMIbkA3AoiuKaSPgoVCmJdbc6Ao9ydmMUB5Q1rYpMNKC
 MsuVP9OcX8FoHEVMXOvr0f6Wfj+iHytfO2VTqrw/cqoCyuPoSrgxjs1/cRSz5g9f
 Z0zrOtQyNB5yJ3YPTG3va1/XLflrjPcT4ZUkej9nkFpCNWdEZVWD/z3vXBGSV11N
 9Cdy60QbD4yZvDjV2GQ+dwAF1o1BABEBAAGJBHIEGAEKACYWIQQU8maC0JFs3YHj
 e21ht7Um2Y8DUwUCZ9KQfQIbAgUJA8JnAAJACRBht7Um2Y8DU8F0IAQZAQoAHRYh
 BAm+7WPzRiot/6s7h17LZJfBogJWBQJn0pB9AAoJEF7LZJfBogJW9I4QAJbv4Rhb
 4x6Jl75x2Lfp46/e3fZVDhzUdLjK8A/acRF7JRBuJVJRaijJ5tngdknmlmbzfqly
 zsMWUciAwVJRvijNFDeicet5zJpBRsXEUAug3iVCD1KlVvLzjCi9Eb9s6xCQjSJ8
 DZE020s41wdqtb1nziDASAkg+YH2DzpTEaZVNM39uNDKbaJLYIjKA9MV1YHArqUl
 dFsoofBe4zIZRFyvMD7Gmr7Xm0IWYLrfmnenm1JJYIkvGUeVoP8dEonAVhLVwvww
 ufobV0qdtMfhZsgFwf1XSHI9MtD4yAVtBqBTkfFeRLnBjJK/ywYxGqbadt1b57I4
 ywTQ16oXNrlTF1Su0I8i/fo0i/9ohNl3opN3LbaEbhT37M4xpy4MgL2Fthddc2gW
 vF/8TFRaXw7LaLSR7HwO+Y0CpOtV/Ct4RzKEulY5DpV9b1JQJhpLcjMz+pBDAM3K
 JuiV6Bcfoz5PZowFy74UmE02Vzk/oyuI/o4KMihy0UzWQVkOZTTu4eONktgGiZOn
 RFdiLKVgeLEDXTLdhbuwGS2+wX3I7lLP9AWpK8Ahc81eUwU6MwdbfwfJ1ELtKaa/
 JmMjaWkr5aGrp88d8ePR9jYA47Z2q0esB67pRJVe0McVJlu9GQGq05S7lZKs6mi9
 dHTzeHwua//IXHMK0s3WhMU7vGwJ3E2+pTstf8AQALSwkezD3QchPV+5CAUYY7Cm
 MXB6zzIU18wCS61Y8QdDvqmtWHdMVTp4xT14fS6cvB4uFzacGQJ7CVIWeZgwEFzZ
 iev3dKpnUOGg0WQSwmQQA0JCg6/qS0AeUPINjhWtNcR7voCqAYeRcjo47UJclD/K
 KNTCn27btHRaEmpTdTtC6sxiVElFObb3a9tHXqwLWp8gJ+NZ+6mlrvvH2hm1CAyQ
 TDRYC7nN69QJrKHR8HA3AeR5figQHLwvmfQlV2erZE17GT+L5t0HxX/HKZCim91P
 Apqa+7iY0eKPAG5iacABrBi9zzh/ex0ovvuxsBDKUFCSu7HIivnAVrdS/kbO1qJ5
 I3MBMp0dlQ6PS6LeZIRhxts0aPPZedsXytoL7kFLISfJ55AuhJpskz+55uviJhp/
 H3zNBYtQ+dmFmp4RRk/Nvu0zv6OGtaZy6M5X24Pbzb/OApBML84cEmb3iZie9J2Z
 YW68/D96sP09x6GItCJlCIdQZkRcwmkQwgtq9sJDw92/vSGeYdRn+oCAxJ14eObC
 sVwcfJARLt45btEnx+zRCAHAHQHpV6qTGT6nqg57XuM9iNNdyTGKRU+Iklgb9LRx
 VAQfbn5uXYb5j2ox5pjxtbXTf9Lbo7RkygcWSKZPWmYgGsKS6jmXkDa/TyOlPxkb
 aknpPbYMBztRT4Ju0VU4
 =4Dnl
 -----END PGP PUBLIC KEY BLOCK-----
--- a/suse-default-prefs.js
+++ b/suse-default-prefs.js
@@ -18,3 +18,7 @@ pref("extensions.shownSelectionUI", true);
 // spellcheck
 pref("spellchecker.dictionary_path", "/usr/share/myspell");
 // (KDE) desktop support
 //pref("widget.use-xdg-desktop-portal.file-picker", 1);
--- a/16
+++ b/16
@@ -1,10 +1,10 @@
 PRODUCT="thunderbird"
-CHANNEL="esr115"
+CHANNEL="esr140"
-VERSION="115.15.0"
+VERSION="140.1.1"
-VERSION_SUFFIX=""
+VERSION_SUFFIX="esr"
-PREV_VERSION="115.14.0"
+REV_VERSION="140.1.0"
-PREV_VERSION_SUFFIX=""
+PREV_VERSION_SUFFIX="esr"
 #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
-RELEASE_REPO="https://hg.mozilla.org/releases/comm-esr115"
+RELEASE_REPO="https://hg.mozilla.org/releases/comm-esr140"
-RELEASE_TAG="aa5ac5425f0381ec6c3e3d9122b5b9d14cc7e60d"
+RELEASE_TAG="c2cef707a311a491572603b9902681f654964f08"
-RELEASE_TIMESTAMP="20240903191356"
+RELEASE_TIMESTAMP="20250805025534"
--- a/thunderbird-115.15.0.source.tar.xz
+++ b/thunderbird-115.15.0.source.tar.xz
@@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:eb04e62171586570e83ce538d4e2feca51c24b2def84fb5c1d0baa9269d41cc7
 size 534455612
--- a/thunderbird-115.15.0.source.tar.xz.asc
+++ b/thunderbird-115.15.0.source.tar.xz.asc
@@ -1,16 +0,0 @@
 -----BEGIN PGP SIGNATURE-----
 iQIzBAABCgAdFiEErdcHlHlwDcrf3VM34207E/PZMnQFAmbXrwUACgkQ4207E/PZ
 MnSSXBAAjscNC/NThi+i8p+exea5QWpM96FZkF5eRJ/jS9dWLm2UH9xZDPyDCJvy
 PXArlpWlIWWG21Pws7fy4g3RZcceim94QWhgMd75DJCKmZ9dgKJLtZla3Qs226b9
 G1DwXfonJUEh/cd1fQQ3ewRUwdnzgjyRMvJeDDdzClKqApuEF9hr7h7aJNObzU1R
 2n2gEpQrKIpWT5ijTlcr4tBTGqs3JkmXhzsH68XpzqXspWcpSJzSiEntH2iBvC8Z
 dfedsgGBA03gbyuFd+haD3/vxsARHAmme/o5xbrUcUIrZTkRVpI6mnFY0CzFx30K
 IilGvGy1mW7oxyakNAQvPpSTCcy8FPXdbi1oGRN1nS8kgpJhiW0pb7m7oh5ul1xi
 Hw1nT3ZJfikr/U2t8nTsXwgiuEnG6hqEh5Us6QR/f8rEEWd9TrbfLWXW4NfWImHZ
 OafCrzLzAUK4nSzN6AI+ZQqUBq0mru6z67I1CX6t2KCo7GdZwDhsWm8CrN/I0JlF
 5RuimLUpCs6Q25ZuPFaLojQHzImgXO48Y/lUHtaDYSdHHBhF7GYhLj3zA3ljuDIv
 rxmJpSaMBgn4zk4igQn7y3ScY5Ht0yHHdd3bkewcD02AuOWqYyFKuYmm3kTU+GjZ
 nY9j30eL+zXgVDWuD4vlTFvgieag9P6+HK/K8uzflJ8FiHzXy6U=
 =VPte
 -----END PGP SIGNATURE-----
--- a/thunderbird-140.1.1esr.source.tar.xz
+++ b/thunderbird-140.1.1esr.source.tar.xz
@@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:136b160954abe2426ab26e46d35d946207ab5e217ac72d3ff5cb1b87680d4fcd
 size 753445400
--- a/thunderbird-140.1.1esr.source.tar.xz.asc
+++ b/thunderbird-140.1.1esr.source.tar.xz.asc
@@ -0,0 +1,16 @@
 -----BEGIN PGP SIGNATURE-----
 iQIzBAABCgAdFiEECb7tY/NGKi3/qzuHXstkl8GiAlYFAmiRqcYACgkQXstkl8Gi
 AlZscRAAuYghAziF92noBbHIfY1LZ21FdYuZuq058k8sgWkd6gdQ/Q+Vk4nfOFIn
 zrl76a2o8qRzkhhOPkRDQoYkdy2cmVTMANqF8mp3hE+LLOTmb9x5G9BgUDsWbIUd
 E3mcGRJ6LAfZeBjFJNKMTw94Vr4TOSWgS4KqEwo2RnL+1w65eCWTMnIRvcs1mYJD
 iLtZUvdLACx499ZY0vvzraCtVQFJ6+m8uzf+FXfIgJDL6XRV3H4rDPSjamgBuIKv
 QfL/toEGW+ZtqAr88u5gCLOfXNXziIk0TgLm5Wd0rnseGODQTSr/wLdEr6BROBle
 HU0CtxN15PVTTwZV1KH0mSgvEMlfi461Ii3Ct+HdF6i6HAbMORsfKlQPPn4JGiZT
 B4QXIohr0FTp73PH83nDCk1YvRl0kSHCUMjrTdchFVkOXTIW58eWTUA2zT6sFaMQ
 +NLA0xaKGVFBTD7NWgSbMGIgsZPDhnhJlpnGR4K9YuE1+F5hL7AMmAqkb/tGslAz
 LMOL6CiOSuOYckOan6uGtxCmb2h3FbCyjfRMtQbvT3V116ZBDle462gDo79pAJwC
 1CyF9RGnvDx9m4+N2NR8b9YZxyBdyVciEnzmf+KqOlj6hGPR4dPeizEzEIQK2ZXD
 ixScReBjDyyaTLivq7RBha4nHPVfWzYicA5CmWUxMGXmibW3NfM=
 =ccda
 -----END PGP SIGNATURE-----
--- a/thunderbird-fix-CVE-2024-34703.patch
+++ b/thunderbird-fix-CVE-2024-34703.patch
@@ -1,20 +0,0 @@
 https://github.com/randombit/botan/commit/94e9154c143aa5264da6254a6a1be5bc66ee2b5a
 diff --git a/comm/third_party/botan/src/lib/pubkey/ec_group/ec_group.cpp b/comm/third_party/botan/src/lib/pubkey/ec_group/ec_group.cpp
 index bb60bacf7ba..214751b4eb0 100644
 --- a/comm/third_party/botan/src/lib/pubkey/ec_group/ec_group.cpp
 +++ b/comm/third_party/botan/src/lib/pubkey/ec_group/ec_group.cpp
@@ -334,8 +334,11 @@ std::shared_ptr<EC_Group_Data> EC_Group::BER_decode_EC_group(const uint8_t bits[
          .end_cons()
          .verify_end();
 -      if(p.bits() < 64 || p.is_negative() || !is_bailie_psw_probable_prime(p))
 -         throw Decoding_Error("Invalid ECC p parameter");
 +      if(p.bits() < 112 || p.bits() > 1024)
 +         throw Decoding_Error("ECC p parameter is invalid size");
 +
 +      if(p.is_negative() || !is_bailie_psw_probable_prime(p))
 +         throw Decoding_Error("ECC p parameter is not a prime");
       if(a.is_negative() || a >= p)
          throw Decoding_Error("Invalid ECC a parameter");
--- a/thunderbird-silence-no-return.patch
+++ b/thunderbird-silence-no-return.patch
@@ -0,0 +1,12 @@
 Index: thunderbird-128.4.2/comm/mailnews/base/src/MboxMsgInputStream.cpp
 ===================================================================
 --- thunderbird-128.4.2.orig/comm/mailnews/base/src/MboxMsgInputStream.cpp
 +++ thunderbird-128.4.2/comm/mailnews/base/src/MboxMsgInputStream.cpp
@@ -263,6 +263,7 @@ class MboxParser {
       default:
         MOZ_ASSERT_UNREACHABLE();  // should not happen
     }
 +    return data;
   }
   // Attempt to parse a "From " line to extract sender and timestamp.