MozillaThunderbird-68.9.0-bp152.1.1

- Mozilla Thunderbird 68.9.0
  * fixed: Custom headers added for searching or filtering could
    not be removed (bmo#1631577)
  * fixed: Calendar: Today Pane updated prior to loading all data
    (bmo#1635613)
  * fixed: Stability improvements (bmo#1625677)
  * fixed: Various security fixes
  MFSA 2020-22 (bsc#1172402)
  * CVE-2020-12405 (bmo#1631618)
    Use-after-free in SharedWorkerService
  * CVE-2020-12406 (bmo#1639590)
    JavaScript Type confusion with NativeTypes
  * CVE-2020-12410 (bmo#1619305, bmo#1632717)
    Memory safety bugs fixed in Thunderbird 68.9.0
  * CVE-2020-12398 (bmo#1613623)
    Security downgrade with IMAP STARTTLS leads to information
    leakage

- Mozilla Thunderbird 68.8.1
  * fixed: IMAP stability improvements (bmo#1586494)
  * fixed: HTML tags in IRC topic changes were rendered
    incorrectly (bmo#1607097)
  * fixed: MailExtensions: Websockets could not be used
    (bmo#1627649)
- Use a symbolic icon from branding internals

- Mozilla Thunderbird 68.8.0
  * fixed: Account Manager: text fields were too small in some
    cases (bmo#1616387)
  * fixed: Account Manager: Authentication method did not update
    when selecting an SMTP server (bmo#1631437)
  * fixed: Links with embedded credentials did not open on
    Windows (bmo#1609451)
  * fixed: Messages were sometimes sent with a badly formed
    address when filled from the address book (bmo#1629842)
  * fixed: Accessibility: Screen readers were reporting too many
    activities from the status bar (bmo#1628891)
  * fixed: MailExtensions: Setting IMAP messages as read with
    browser.messages.updated failed to persist (bmo#1631184)
  * fixed: Various security fixes
  MFSA 2020-18 (bsc#1171186)
  * CVE-2020-12397 (bmo#1617370)
    Sender Email Address Spoofing using encoded Unicode
    characters
  * CVE-2020-12387 (bmo#1545345)
    Use-after-free during worker shutdown
  * CVE-2020-6831 (bmo#1632241)
    Buffer overflow in SCTP chunk input validation
  * CVE-2020-12392 (bmo#1614468)
    Arbitrary local file access with 'Copy as cURL'
  * CVE-2020-12393 (bmo#1615471)
    Devtools' 'Copy as cURL' feature did not fully escape
    website-controlled data, potentially leading to command
    injection
  * CVE-2020-12395 (bmo#1595886, bmo#1611482, bmo#1614704,
    bmo#1624098, bmo#1625749, bmo#1626382, bmo#1628076,
    bmo#1631508)
    Memory safety bugs fixed in Thunderbird 68.8.0

- Mozilla Thunderbird 68.7.0
  * new: MailExtensions: Raw message source available to
    MailExtensions (bmo#1525274)
  * changed: MailExtensions: messages.update function extended to
    mark messages as junk or not junk (bmo#1598332)
  * changed: MailExtensions: browser.compose.begin functions no
    longer expand mailing lists (bmo#1612480)
  * fixed: Various improvements to account setup when connecting
    to an Exchange server (bmo#1598861)
  * fixed: Thread collapsed when opening news message in a new
    window (bmo#1526765)
  * fixed: Addons not automatically updated to compatible version
    after upgrade from Thunderbird 60 (bmo#1574183)
  * fixed: Updating addons did not prompt when requesting new
    permissions (bmo#1620861)
  * fixed: Extra recipients panel not keyboard-accessible
    (bmo#1612717)
  * fixed: Accessibility: Status bar was not detected by
    screenreaders (bmo#1621287)
  * fixed: MailExtensions: messages.query by folder name did not
    require accountsRead permission (bmo#1625793)
  * fixed: Calendar: Invitations with embedded null bytes did not
    always decode correctly (bmo#1623896)
  * fixed: Calendar: Cancelled events didn't show with a line-
    through (bmo#1621210)
  * fixed: Various security fixes
  MFSA 2020-14 (bsc#1168874)
  In general, these flaws cannot be exploited through email in
  Thunderbird because scripting is disabled when reading mail, but
  are potentially risks in browser or browser-like contexts.
  * CVE-2020-6819 (bmo#1620818, bsc#1168630)
    Use-after-free while running the nsDocShell destructor
  * CVE-2020-6820 (bmo#1626728, bsc#1168630)
    Use-after-free when handling a ReadableStream
  * CVE-2020-6821 (bmo#1625404, bsc#1168874)
    Uninitialized memory could be read when using the WebGL
    copyTexSubImage method
  * CVE-2020-6822 (bmo#1544181, bsc#1168874)
    Out of bounds write in GMPDecodeData when processing large images
  * CVE-2020-6825 (bmo#1572541,bmo#1620193,bmo#1620203, bsc#1168874)
    Memory safety bugs fixed in Thunderbird 68.7.0

- Mozilla Thunderbird 68.6
  * new: Thunderbird now displays a popup window when starting up
    on a new profile (bmo#1590036)
  * changed: Thunderbird now provides partial updates resulting
    in smaller downloads (bmo#1410512)
  * fixed: Searching in message bodies led to false negatives
    under some circumstances in quoted-printable encoded HTML
    bodies (bmo#1614796)
  * fixed: "Get New Messages for All Accounts" not working for
    OAuth2-authenticated IMAP accounts (bmo#1593611)
  * fixed: Various security fixes
  MFSA 2020-10 (bsc#1166238)
  * CVE-2020-6805 (bmo#1610880)
    Use-after-free when removing data about origins
  * CVE-2020-6806 (bmo#1612308)
    BodyStream::OnInputStreamReady was missing protections
    against state confusion
  * CVE-2020-6807 (bmo#1614971)
    Use-after-free in cubeb during stream destruction
  * CVE-2020-6811 (bmo#1607742)
    Devtools' 'Copy as cURL' feature did not fully escape
    website-controlled data, potentially leading to command
    injection
  * CVE-2019-20503 (bmo#1613765)
    Out of bounds reads in sctp_load_addresses_from_init
  * CVE-2020-6812 (bmo#1616661)
    The names of AirPods with personally identifiable information
    were exposed to websites with camera or microphone permission
  * CVE-2020-6814 (bmo#1592078, bmo#1604847, bmo#1608256,
    bmo#1612636, bmo#1614339)
    Memory safety bugs fixed in Thunderbird 68.6

- Mozilla Thunderbird 68.5
  * new: Support for Client Identity IMAP/SMTP Service Extension
    (bmo#1532388)
  * new: Support for OAuth 2.0 authentication for POP3 accounts
    (bmo#1538409)
  * fixed: Status area goes blank during account setup
    (bmo#1593122)
  * fixed: Calendar: Could not remove color for default
    categories (bmo#1584853)
  * fixed: Calendar: Prevent calendar component loading multiple
    times (bmo#1606375)
  * fixed: Calendar: Today pane did not retain width between
    sessions (bmo#1610207)
  * fixed: Various <a href="https://www.mozilla.org/en-
    US/security/known-
    vulnerabilities/thunderbird/#thunderbird68.5">security
    fixes</a>
  * unresolved: When upgrading from Thunderbird version 60 to
    version 68, add-ons are not automatically updated during the
    upgrade process. They will however be updated during the add-
    on update check. It is of course possible to reinstall
    compatible add-ons via the Add-ons Manager or via
    addons.thunderbird.net. (bmo#1574183)
  MFSA 2020-07 (bsc#1163368)
  * CVE-2020-6793 (bmo#1608539)
    Out-of-bounds read when processing certain email messages
  * CVE-2020-6794 (bmo#1606619)
    Setting a master password post-Thunderbird 52 does not delete
    unencrypted previously stored passwords
  * CVE-2020-6795 (bmo#1611105)
    Crash processing S/MIME messages with multiple signatures
  * CVE-2020-6797 (bmo#1596668)
    Extensions granted downloads.open permission could open
    arbitrary applications on Mac OSX
  * CVE-2020-6798 (bmo#1602944)
    Incorrect parsing of template tag could result in JavaScript
    injection
  * CVE-2020-6792 (bmo#1609607)
    Message ID calculcation was based on uninitialized data
  * CVE-2020-6800 (bmo#1595786, bmo#1596706, bmo#1598543,
    bmo#1604851, bmo#1605777, bmo#1608580, bmo#1608785)
    Memory safety bugs fixed in Thunderbird 68.5

- Mozilla Thunderbird 68.4.2 (bsc#1162777)
  * changed: Calendar: Task and Event tree colours adjusted for
    the dark theme (bmo#1608344)
  * fixed: Retrieval of S/MIME certificates from LDAP failed
    (bmo#1604773)
  * fixed: Address-parsing crash on some IMAP servers when
    preference mail.imap.use_envelope_cmd was set (bmo#1609690)
  * fixed: Incorrect forwarding of HTML messages caused SMTP
    servers to respond with a timeout (bmo#1222046)
  * fixed: Calendar: Various parts of the calendar UI stopped
    working when a second Thunderbird window opened (bmo#1608407)

- Mozilla Thunderbird 68.4.1
  * changed: Various improvements when setting up an account for
    a Microsoft Exchange server: Now offers IMAP/SMTP if
    available, better detection for Office 365 accounts; re-run
    configuration after password change. (bmo#1592258)
  * fixed: Attachments with one or more spaces in their names
    couldn't be opened under some circumstances (bmo#1601905)
  * fixed: After changing view layout, the message display pane
    showed garbled content under some circumstances (bmo#265393)
  * fixed: Tags were lost on messages in shared IMAP folders
    under some circumstances (bmo#1596371)
  * fixed: Various theme changes to achieve "pixel perfection":
    Unread icon, "no results" icon, paragraph format and font
    selector, background of folder summary tooltip (bmo#1605612)
  * fixed: Calendar: Event attendee dialog was not displayed
    correctly (bmo#1604797)
  * fixed: Various security fixes
  MFSA 2020-04 (bsc#1160305, bsc#1160498)
  * CVE-2019-17026 (bmo#1607443)
    IonMonkey type confusion with StoreElementHole and
    FallibleStoreElement
  * CVE-2019-17015 (bmo#1599005)
    Memory corruption in parent process during new content
    process initialization on Windows
  * CVE-2019-17016 (bmo#1599181)
    Bypass of @namespace CSS sanitization during pasting
  * CVE-2019-17017 (bmo#1603055)
    Type Confusion in XPCVariant.cpp
  * CVE-2019-17021 (bmo#1599008)
    Heap address disclosure in parent process during content
    process initialization on Windows
  * CVE-2019-17022 (bmo#1602843)
    CSS sanitization does not escape HTML tags
  * CVE-2019-17024 (bmo#1507180, bmo#1595470, bmo#1598605,
    bmo#1601826)
    Memory safety bugs fixed in Thunderbird 68.4.1
- Removed patch that is now upstream: mozilla-bmo1511604.patch
- Added patch to fix broken URL-bar on s390x:
  mozilla-bmo1602730.patch

- Mozilla Thunderbird 68.3.1
  * changed: In dark theme unread messages no longer shown in
    blue to distinguish from tagged messages (bmo#1596702)
  * changed: Account setup is now using client side DNS MX lookup
    instead of relying on a server. (bmo#1349337)
  * fixed: Searching LDAP address book crashed in some
    circumstances (bmo#1601389)
  * fixed: Message navigation with backward and forward buttons
    did not work in some circumstances (bmo#533504)
  * fixed: WebExtension toolbar icons were displayed too small
    (bmo#1598955)
  * fixed: Calendar: Tasks due today were not listed in bold
    (bmo#1598885)
  * fixed: Calendar: Last day of long-running events was not
    shown (bmo#1572964)

- Mozilla Firefox Thunderbird 68.3
  * new: Message display toolbar action WebExtension API
    (bmo#1531597)
  * new: Navigation buttons are now available in content tabs,
    for example those opened via an add-on search (bmo#787683)
  * changed: "New email" icon in Windows systray changed from in-
    tray with arrow to envelope (bmo#1594200)
  * fixed: Icons of attachments in the attachment pane of the
    Write window not always correct (bmo#1593280)
  * fixed: Toolbar buttons of add-ons in the menubar not shown
    after startup (bmo#1584160)
  * fixed: LDAP lookup not working when SSL was enabled. LDAP
    search not working when "All Address Books" was selected.
    (bmo#1576364)
  * fixed: Scam link confirmation panel not working (bmo#1596413)
  * fixed: In Write window, the Link Properties dialog wasn't
    showing named anchors in context menu (bmo#1593629)
  * fixed: Calendar: Start-up failed if the application menu is
    not on the calendar toolbars (bmo#1588516)
  * fixed: Chat: Account reordering via drag-and-drop not working
    on Instant messaging status dialog (Show Accounts)
    (bmo#1591505)
  MFSA 2019-37 (bsc#1158328)
  * CVE-2019-17008 (bmo#1546331)
    Use-after-free in worker destruction
  * CVE-2019-13722 (bmo#1580156)
    Stack corruption due to incorrect number of arguments in
    WebRTC code
  * CVE-2019-11745 (bmo#1586176)
    Out of bounds write in NSS when encrypting with a block
    cipher
  * CVE-2019-17009 (bmo#1510494)
    Updater temporary files accessible to unprivileged processes
  * CVE-2019-17010 (bmo#1581084)
    Use-after-free when performing device orientation checks
  * CVE-2019-17005 (bmo#1584170)
    Buffer overflow in plain text serializer
  * CVE-2019-17011 (bmo#1591334)
    Use-after-free when retrieving a document in antitracking
  * CVE-2019-17012 (bmo#1449736, bmo#1533957, bmo#1560667,
    bmo#1567209, bmo#1580288, bmo#1585760, bmo#1592502)
    Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3

- Remove patch thunderbird-broken-locales-build.patch due to
  switch to a different method for building locales
- Added patch mozilla-bmo849632.patch to fix some webgl-problems
  on big endian machines (sync from FF)

- Mozilla Thunderbird 68.2.1
  * new: A language for the user interface can now be chosen in
    the advanced settings (multilingual UI) (bmo#1590206)
  * fixed: Problem with Google authentication (OAuth2)
    (bmo#1592407)
  * fixed: Selected or unread messages not shown in the correct
    color in the thread pane (message list) under some
    circumstances (bmo#1585765)
  * fixed: When using a language pack, names of standard folders
    weren't localized (bmo#1575512, boo#1149126)
  * fixed: Address book default startup directory in preferences
    panel not persisted (bmo#1591364)
  * fixed: Various visual glitches: Conditions in filter editor
    not high enough, folder location widget not showing folder
    name, problem with menubar customization, add-on home page
    links accumulating, theme issues on Windows 7 (bmo#1590666)
  * fixed: Issues when upgrading from a 32bit version of
    Thunderbird to a 64bit version. Note: If your profile is
    still not recognised, selected it by visiting about:profiles
    in the Troubleshooting Information. (bmo#1587067)
  * fixed: Chat: Extended context menu on Instant messaging
    status dialog (Show Accounts) (bmo#1591506)
- added mozilla-bmo1504834-part4.patch to fix some visual issues
  on big endian platforms

- Mozilla Thunderbird 68.2
  * new: Message Display WebExtension API
  * new: Message Search WebExtension API
  * Bugfixes
    Better visual feedback for unread messages when using the
    dark theme
    Various issues when editing mailing lists
    Integration with macOS addressbook and notifications not working
    after introduction of notarization
    Application windows not maintaining their size after restart
    Issues when upgrading from a 32bit version of Thunderbird to a
    64bit version.
  * various security fixes
  MFSA 2019-33/2019-35 (bsc#1154738)
  * CVE-2019-15903 (bmo#1584907)
    Heap overflow in expat library in XML_GetCurrentLineNumber
  * CVE-2019-11757 (bmo#1577107)
    Use-after-free when creating index updates in IndexedDB
  * CVE-2019-11758 (bmo#1536227)
    Potentially exploitable crash due to 360 Total Security
  * CVE-2019-11759 (bmo#1577953)
    Stack buffer overflow in HKDF output
  * CVE-2019-11760 (bmo#1577719)
    Stack buffer overflow in WebRTC networking
  * CVE-2019-11761 (bmo#1561502)
    Unintended access to a privileged JSONView object
  * CVE-2019-11762 (bmo#1582857)
    document.domain-based origin isolation has same-origin-
    property violation
  * CVE-2019-11763 (bmo#1584216)
    Incorrect HTML parsing results in XSS bypass technique
  * CVE-2019-11764 (bmo#1548044, bmo#1558522, bmo#1571223,
    bmo#1573048, bmo#1575217, bmo#1577061, bmo#1578933,
    bmo#1581950, bmo#1583463, bmo#1583684, bmo#1586599,
    bmo#1586845)
    Memory safety bugs fixed in Thunderbird 68.2
- removed upstream patches:
  * mozilla-bmo1512162.patch
  * mozilla-bmo1573381.patch
  * mozilla-bmo1585099.patch

- Mozilla Thunderbird 68.1.2 (bsc#1153879)
  Bugfixes
  * Some attachments couldn't be opened in messages originating from
    MS Outlook 2016
  * Address book import from CSV
  * Performance problem in message body search
  * Ctrl+Enter to send a message would open an attachment if the
    attachment pane had focus
  * Calendar: Issues with "Today Pane" start-up
  * Calendar: Glitches with custom repeat and reminder number input
  * Calendar: Problems with WCAP provider
- add mozilla-bmo1585099.patch to fix build with rust >= 1.38
- add mozilla-fix-top-level-asm.patch to fix LTO build (w/o PGO)
- updated translations-other locale list
- remove kde.js since disabling instantApply breaks extensions and
  is obsolete with the move to HTML views for preferences (boo#1151186)
- Update create-tar.sh (bsc#1152778)
- Update mozilla-bmo1512162.patch to the patch now commited upstream
  * No more -O1 builds for ppc64le necessary
- Deactivate currently useless crashreporter for the last remaining
  arch

- Mozilla Thunderbird 68.1.1
  Bugfixes
  * Issues with attachments in IMAP messages
  * Gmail accounts ignored a non-standard trash folder selection
  * Entering/pasting lists of recipients into the addressing widget or
    mailing list not working reliably, especially when lists contained
    multiple commas or semicolons
  * Edit mailing list not working
  * Various theme fixes, especially dark theme improvements for Calendar
  * Contrast between tag label and background not optimal
  * Account Central pane always loaded at start-up
  * "Config Editor" button not removed if blocked by policy
  * Calendar: Free/busy information in attendees dialog not scrolled
    correctly. Note: Scroll arrows still not behaving correctly
  MFSA 2019-32
  * CVE-2019-11755 (bmo#1240290)
    Spoofing a message author via a crafted S/MIME message

- Mozilla Thunderbird 68.1.0
  * Offer to configure Exchange accounts for Office365. A third-
    party add-on is required for this account type.
    IMAP still exists as alternative.
  * Edit tag not working
  * Write window: "Insert > Characters and Symbols" not working
  * Moving/dragging messages from "Search Messages" result
    dialog not working
  * Command line -compose "attachment=" not working
  * Custom views not working
  * Issues with list of content types/actions for incoming attachments
  * "Learn More" links in Error Console not working
  * Visual glitches: Quick Filter Bar tag buttons too tall, missing
    scroll bar on Connection Setting subdialog, LDAP server
    selection after "New", "Edit" and "Delete"
  * Calendar: Parts of CalDAV dialog not working
  MFSA 2019-30
  * CVE-2019-11739 (bmo#1571481, bsc#1150939)
    Covert Content Attack on S/MIME encryption using a crafted
    multipart/alternative message
  * CVE-2019-11746 (bmo#1564449, bsc#1149297)
    Use-after-free while manipulating video
  * CVE-2019-11744 (bmo#1562033, bsc#1149304)
    XSS by breaking out of title and textarea elements using
    innerHTML
  * CVE-2019-11742 (bmo#1559715, bsc#1149303)
    Same-origin policy violation with SVG filters and canvas to
    steal cross-origin images
  * CVE-2019-11752 (bmo#1501152, bsc#1149296)
    Use-after-free while extracting a key value in IndexedDB
  * CVE-2019-11743 (bmo#1560495, bsc#1149298,
    https://w3c.github.io/navigation-timing)
    Cross-origin access to unload event attributes
  * CVE-2019-11740 (bmo#1563133, bmo#1573160, bsc#1149299)
    Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1,
    Firefox ESR 60.9, Thunderbird 68.1, and Thunderbird 60.9
- Mozilla Thunderbird 68.0
  * based on Firefox ESR 68
  * File link attachments can now be linked to again instead of
    uploading them again
  * Mark all folders of an account as read
  * Run filters periodically. Improved filter logging
  * OAuth2 authentication for Yandex
  * Language packs can now be selected in the Advanced Options.
    Preference intl.multilingual.enabled needs to be set (and possily
    also extensions.langpacks.signatures.required needs to be set to false)
  * Added a policy engine that allows customized Thunderbird deployments
    in enterprise environments, using Windows Group Policy or a
    cross-platform JSON file
  * TCP keepalive for IMAP protocol
  * Full Unicode support for MAPI interfaces: New support for MAPISendMailW
  * Calendar: Time zone data can now include past and future changes.
    All known time zone changes from 2018 to 2022 are included.
  * Chat: In each conversation an individual spellcheck language can
    be selected now
  MFSA 2019-28
  * CVE-2019-11711 (bmo#1552541)
    Script injection within domain through inner window reuse
  * CVE-2019-11712 (bmo#1543804)
    Cross-origin POST requests can be made with NPAPI plugins by
    following 308 redirects
  * CVE-2019-11713 (bmo#1528481)
    Use-after-free with HTTP/2 cached stream
  * CVE-2019-11714 (bmo#1542593)
    NeckoChild can trigger crash when accessed off of main thread
  * CVE-2019-11729 (bmo#1515342)
    Empty or malformed p256-ECDH public keys may trigger a
    segmentation fault
  * CVE-2019-11715 (bmo#1555523)
    HTML parsing error can contribute to content XSS
  * CVE-2019-11716 (bmo#1552632)
    globalThis not enumerable until accessed
  * CVE-2019-11717 (bmo#1548306)
    Caret character improperly escaped in origins
  * CVE-2019-11719 (bmo#1540541)
    Out-of-bounds read when importing curve25519 private key
  * CVE-2019-11720 (bmo#1556230)
    Character encoding XSS vulnerability
  * CVE-2019-11721 (bmo#1256009)
    Domain spoofing through unicode latin 'kra' character
  * CVE-2019-11730 (bmo#1558299)
    Same-origin policy treats all files in a directory as having
    the same-origin
  * CVE-2019-11723 (bmo#1528335)
    Cookie leakage during add-on fetching across private browsing
    boundaries
  * CVE-2019-11724 (bmo#1512511)
    Retired site input.mozilla.org has remote troubleshooting
    permissions
  * CVE-2019-11725 (bmo#1483510)
    Websocket resources bypass safebrowsing protections
  * CVE-2019-11727 (bmo#1552208)
    PKCS#1 v1.5 signatures can be used for TLS 1.3
  * CVE-2019-11728 (bmo#1552993)
    Port scanning through Alt-Svc header
  * CVE-2019-11710 (bmo#1400563, bmo#1507696, bmo#1510345,
    bmo#1533842, bmo#1535482, bmo#1535848, bmo#1537692,
    bmo#1540590, bmo#1544180, bmo#1547472, bmo#1547760,
    bmo#1548611, bmo#1549768, bmo#1551907)
    Memory safety bugs fixed in Firefox 68 and Thunderbird 68
  * CVE-2019-11709 (bmo#1515052, bmo#1533522, bmo#1539219,
    bmo#1540759, bmo#1547266, bmo#1547757, bmo#1548822,
    bmo#1550498, bmo#1550498)
    Memory safety bugs fixed in Firefox 68, Firefox ESR 60.8, and
    Thunderbird 68
- removed patches that are now upstream
  * mozilla-bmo1375074.patch
  * mozilla-i586-DecoderDoctorLogger.patch
  * mozilla-i586-domPrefs.patch
  * mozilla-bmo1464766.patch
  * mozilla-bigendian_bit_flags_alias.patch
- added patch to make builds reproducible
  * mozilla-bmo1568145.patch
- added a bunch of patches mainly for big endian platforms
  * mozilla-bmo1504834-part1.patch
  * mozilla-bmo1504834-part2.patch
  * mozilla-bmo1504834-part3.patch
  * mozilla-bmo1511604.patch
  * mozilla-bmo1512162.patch
  * mozilla-bmo1554971.patch
  * mozilla-bmo1573381.patch
  * mozilla-nestegg-big-endian.patch
  * mozilla-ppc-altivec_static_inline.patch
- added patches to fix build on armv7:
  * mozilla-bmo1463035.patch
  * mozilla-disable-wasm-emulate-arm-unaligned-fp-access.patch
- added patch to fix non-return function
  * mozilla-cubeb-noreturn.patch
- added patch to fix aarch64 build:
  * mozilla-fix-aarch64-libopus.patch (bmo#1539737)
- added patch to reduce build-load
  * mozilla-reduce-rust-debuginfo.patch
- added patch to fix locales-build
  * thunderbird-broken-locales-build.patch
- added patch to fix implicit declarations
  * mozilla-openaes-decl.patch
- added samba-patch from Firefox
  * mozilla-ntlm-full-path.patch

- Mozilla Firefox Thunderbird 60.8
  MFSA 2019-23 (bsc#1140868)
  * CVE-2019-9811 (bmo#1538007, bmo#1539598, bmo#1563327)
    Sandbox escape via installation of malicious language pack
  * CVE-2019-11711 (bmo#1552541)
    Script injection within domain through inner window reuse
  * CVE-2019-11712 (bmo#1543804)
    Cross-origin POST requests can be made with NPAPI plugins by
    following 308 redirects
  * CVE-2019-11713 (bmo#1528481)
    Use-after-free with HTTP/2 cached stream
  * CVE-2019-11729 (bmo#1515342)
    Empty or malformed p256-ECDH public keys may trigger a
    segmentation fault
  * CVE-2019-11715 (bmo#1555523)
    HTML parsing error can contribute to content XSS
  * CVE-2019-11717 (bmo#1548306)
    Caret character improperly escaped in origins
  * CVE-2019-11719 (bmo#1540541)
    Out-of-bounds read when importing curve25519 private key
  * CVE-2019-11730 (bmo#1558299)
    Same-origin policy treats all files in a directory as having
    the same-origin
  * CVE-2019-11709 (bmo#1515052, bmo#1533522, bmo#1539219,
    bmo#1540759, bmo#1547266, bmo#1547757, bmo#1548822,
    bmo#1550498, bmo#1550498)
    Memory safety bugs fixed in Firefox 68, Firefox ESR 60.8, and
    Thunderbird 60.8
- Calendar: Problems when editing event times, some related to
  AM/PM setting in non-English locales

- Mozilla Firefox Thunderbird 60.7.2
  MFSA 2019-20 (bsc#1138872)
  * CVE-2019-11707 (bmo#1544386)
    Type confusion in Array.pop
  * CVE-2019-11708 (bmo#1559858)
    sandbox escape using Prompt:Open

- Mozilla Firefox Thunderbird 60.7.1
  MFSA 2019-17 (bsc#1137595)
  * CVE-2019-11703 (bmo#1553820)
    Heap buffer overflow in icalparser.c
  * CVE-2019-11704 (bmo#1553814)
    Heap buffer overflow in icalvalue.c
  * CVE-2019-11705 (bmo#1553808)
    Stack buffer overflow in icalrecur.c
  * CVE-2019-11706 (bmo#1555646)
    Type confusion in icalproperty.c
- No prompt for smartcard PIN when S/MIME signing is used
- Removed obsolete patches:
    [thunderbird-bsc1137595.patch]

- Fix security vulnerabilities in Thunderbird 60.7 (bsc#1137595)
  * CVE-2019-11706 (bmo#1555646)
  * CVE-2019-11705 (bmo#1553808)
  * CVE-2019-11704 (bmo#1553814)
  * CVE-2019-11703 (bmo#1553820)
- Added patches:
    [thunderbird-bsc1137595.patch]