* Tue Apr 20 2021 Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 78.10
* fixed: Usability & theme improvements on Windows
* fixed: Various security fixes
MFSA 2021-14 (bsc#1184960)
* CVE-2021-23994 (bmo#1699077)
Out of bound write due to lazy initialization
* CVE-2021-23995 (bmo#1699835)
Use-after-free in Responsive Design Mode
* CVE-2021-23998 (bmo#1667456)
Secure Lock icon could have been spoofed
* CVE-2021-23961 (bmo#1677940)
More internal network hosts could have been probed by a
malicious webpage
* CVE-2021-23999 (bmo#1691153)
Blob URLs may have been granted additional privileges
* CVE-2021-24002 (bmo#1702374)
Arbitrary FTP command execution on FTP servers using an
encoded URL
* CVE-2021-29945 (bmo#1700690)
Incorrect size computation in WebAssembly JIT could lead to
null-reads
* CVE-2021-29946 (bmo#1698503)
Port blocking could be bypassed
* CVE-2021-29948 (bmo#1692899)
Race condition when reading from disk while verifying
signatures
* Fri Apr 09 2021 Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 78.9.1
* new: Support recipient aliases for OpenPGP encryption.
Documentation can be found at
https://wiki.mozilla.org/Thunderbird:OpenPGP:Aliases.
* fixed: The key and signature parts of the message security
popup on a received message could not be selected for
copy/paste.
* fixed: Various UX and theme improvements
MFSA 2021-13 (bsc#1184536)
* CVE-2021-23991 (bmo#1673240)
An attacker may use Thunderbird's OpenPGP key refresh
mechanism to poison an existing key
* MOZ-2021-23992 (bmo#1666236)
A crafted OpenPGP key with an invalid user ID could be used
to confuse the user
* CVE-2021-23993 (bmo#1666360)
Inability to send encrypted OpenPGP email after importing a
crafted OpenPGP key
* Fri Mar 26 2021 Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 78.9
* fixed: New mail notification displayed old messages that were
unread
* fixed: Spaces following soft line breaks in messages using
quoted-printable and format=flowed were incorrectly encoded;
existing messages which were previously incorrectly encoded
may now display with some words not separated by a space
* fixed: Some fields were unreadable in the Dark theme in the
General preferences panel
* fixed: Sending a message containing an anchor tag with an
invalid data URI failed
* fixed: When switching tabs, input focus was not moved to the
new tab
* fixed: Address Book: Syncing a read-only Google address book
via CardDAV failed
* fixed: Address Book: Importing VCards with non-ascii
characters would fail
* fixed: Address Book: Some values may not have been parsed
when syncing from Google address books.
* fixed: Add-ons Manager did not show if an addon used
experiment APIs
* fixed: Calendar: Removing a recurring task was not possible
* fixed: Various security fixes
MFSA 2021-12 (bsc#1183942)
* CVE-2021-23981 (bmo#1692832)
Texture upload into an unbound backing buffer resulted in an
out-of-bound read
* MOZ-2021-0002 (bmo#1691547)
Angle graphics library out of date
* CVE-2021-23982 (bmo#1677046)
Internal network hosts could have been probed by a malicious
webpage
* CVE-2021-23984 (bmo#1693664)
Malicious extensions could have spoofed popup information
* CVE-2021-23987 (bmo#1513519, bmo#1683439, bmo#1690169,
bmo#1690718)
Memory safety bugs fixed in Thunderbird 78.9
- cleaned up and fixed mozilla.sh.in for wayland (boo#1177542)
* Wed Feb 24 2021 Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 78.8
* fixed: Importing an address book from a CSV file always
reported an error (bmo#1685048)
* fixed: Security information for S/MIME messages was not
displayed correctly prior to a draft being saved
(bmo#1683701)
* fixed: Calendar: FileLink UI fixes for Caldav calendars
(bmo#1669803)
* fixed: Recurring tasks were always marked incomplete; unable
to use filters (bmo#1686466)
* fixed: Various UI widgets not working (bmo#1690098)
* fixed: Dark theme improvements (bmo#1691106)
* fixed: Extension manager was missing link to addon support
web page (bmo#1642219)
* fixed: Various security fixes
MFSA 2021-09 (bsc#1182614)
* CVE-2021-23969 (bmo#1542194)
Content Security Policy violation report could have contained
the destination of a redirect
* CVE-2021-23968 (bmo#1687342)
Content Security Policy violation report could have contained
the destination of a redirect
* CVE-2021-23973 (bmo#1690976)
MediaError message property could have leaked information
about cross-origin resources
* CVE-2021-23978 (bmo#1682928, bmo#1687391, bmo#1687597,
bmo#786797)
Memory safety bugs fixed in Thunderbird 78.8
- Update create-tar.sh to use https instead of http (bsc#1182357)
* Mon Feb 08 2021 Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 78.7.1 (bsc#1181848)
* changed: Building OpenPGP shared library linked to system
libraries now supported (bmo#1634963)
* changed: MailExtension errors now shown in Developer Tools
console by default (bmo#1650149)
* changed: MailExtensions: Dynamic registration of calendar
providers now supported (bmo#1652885)
* fixed: OpenPGP improvements (bmo#1655210)
* fixed: Message preview was sometimes blank after upgrading
from Thunderbird 68 (bmo#1653168)
* fixed: Email addresses whitelisted for remote content not
displayed in preferences (bmo#1652575)
* fixed: Importing data from Seamonkey did not work
(bmo#272292)
* fixed: Renaming a mail list did not update the side bar
(bmo#1632331)
* fixed: MailExtensions: messenger.* namespace was undefined
(bmo#1641573)
* Wed Jan 27 2021 Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 78.7
* changed: MailExtensions: browserAction, composeAction, and
messageDisplayAction toolbar buttons now support label and
default_label properties (bmo#1583478)
* fixed: Running a quicksearch that returned no results did not
offer to re-run as a global search (bmo#1663153)
* fixed: Message search toolbar fixes (bmo#1681010)
* fixed: Very long subject lines distorted the message compose
and display windows, making them unusable (bmo#77806)
* fixed: Compose window: Recipient addresses that had not yet
been autocompleted were lost when clicking Send button
(bmo#1674054)
* fixed: Compose window: New message is no longer marked as
"changed" just from tabbing out of the recipient field
without editing anything (bmo#1681389)
* fixed: Account autodiscover fixes when using MS Exchange
servers (bmo#1679759)
* fixed: LDAP address book stability fix (bmo#1680914)
* fixed: Messages with invalid vcard attachments were not
marked as read when viewed in the preview window
(bmo#1680468)
* fixed: Chat: Could not add TLS certificate exceptions for
XMPP connections (bmo#1590471)
* fixed: Calendar: System timezone was not always properly
detected (bmo#1678839)
* fixed: Calendar: Descriptions were sometimes blank when
editing a single occurrence of a repeating event
(bmo#1664731)
* fixed: Various printing bugfixes (bmo#1676166)
* fixed: Visual consistency and theme improvements
(bmo#1682808)
* fixed: Various security fixes
MFSA 2021-05 (bsc#1181414)
* CVE-2021-23953 (bmo#1683940)
Cross-origin information leakage via redirected PDF requests
* CVE-2021-23954 (bmo#1684020)
Type confusion when using logical assignment operators in
JavaScript switch statements
* CVE-2020-15685 (bmo#1622640)
IMAP Response Injection when using STARTTLS
* CVE-2020-26976 (bmo#1674343)
HTTPS pages could have been intercepted by a registered
service worker when they should not have been
* CVE-2021-23960 (bmo#1675755)
Use-after-poison for incorrectly redeclared JavaScript
variables during GC
* CVE-2021-23964 (bmo#1662507, bmo#1666285, bmo#1673526,
bmo#1674278, bmo#1674835, bmo#1675097, bmo#1675844,
bmo#1675868, bmo#1677590, bmo#1677888, bmo#1680410,
bmo#1681268, bmo#1682068, bmo#1682938, bmo#1683736,
bmo#1685260, bmo#1685925)
Memory safety bugs fixed in Thunderbird 78.7
* Tue Jan 12 2021 Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 78.6.1
* changed: MailExtensions: browserAction, composeAction, and
messageDisplayAction toolbar buttons now support label and
default_label properties (bmo#1583478)
* fixed: Running a quicksearch that returned no results did not
offer to re-run as a global search (bmo#1663153)
* fixed: Message search toolbar fixes (bmo#1681010)
* fixed: Very long subject lines distorted the message compose
and display windows, making them unusable (bmo#77806)
* fixed: Compose window: Recipient addresses that had not yet
been autocompleted were lost when clicking Send button
(bmo#1674054)
* fixed: Compose window: New message is no longer marked as
"changed" just from tabbing out of the recipient field
without editing anything (bmo#1681389)
* fixed: Account autodiscover fixes when using MS Exchange
servers (bmo#1679759)
* fixed: LDAP address book stability fix (bmo#1680914)
* fixed: Messages with invalid vcard attachments were not
marked as read when viewed in the preview window
(bmo#1680468)
* fixed: Chat: Could not add TLS certificate exceptions for
XMPP connections (bmo#1590471)
* fixed: Calendar: System timezone was not always properly
detected (bmo#1678839)
* fixed: Calendar: Descriptions were sometimes blank when
editing a single occurrence of a repeating event
(bmo#1664731)
* fixed: Various printing bugfixes (bmo#1676166)
* fixed: Visual consistency and theme improvements
(bmo#1682808)
MFSA 2021-02 (bsc#1180623)
* CVE-2020-16044 (bmo#1683964)
Use-after-free write when handling a malicious COOKIE-ECHO
SCTP chunk
* Tue Dec 15 2020 Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 78.6
* new: MailExtensions: Added
browser.windows.openDefaultBrowser() (bmo#1664708)
* changed: Thunderbird now only shows quota exceeded
indications on the main window (bmo#1671748)
* changed: MailExtensions: menus API enabled in messages being
composed (bmo#1670832)
* changed: MailExtensions: Honor allowScriptsToClose argument
in windows.create API function (bmo#1675940)
* changed: MailExtensions: APIs that returned an accountId will
reflect the account the message belongs to, not what is
stored in message headers (bmo#1644032)
* fixed: Keyboard shortcut for toggling message "read" status
not shown in menus (bmo#1619248)
* fixed: OpenPGP: After importing a secret key, Key Manager
displayed properties of the wrong key (bmo#1667054)
* fixed: OpenPGP: Inline PGP parsing improvements (bmo#1660041)
* fixed: OpenPGP: Discovering keys online via Key Manager
sometimes failed on Linux (bmo#1634053)
* fixed: OpenPGP: Encrypted attachment "Decrypt and Open/Save
As" did not work (bmo#1663169)
* fixed: OpenPGP: Importing keys failed on macOS (bmo#1680757)
* fixed: OpenPGP: Verification of clear signed UTF-8 text
failed (bmo#1679756)
* fixed: Address book: Some columns incorrectly displayed no
data (bmo#1631201)
* fixed: Address book: The address book view did not update
after changing the name format in the menu (bmo#1678555)
* fixed: Calendar: Could not import an ICS file into a CalDAV
calendar (bmo#1652984)
* fixed: Calendar: Two "Home" calendars were visible on a new
profile (bmo#1656782)
* fixed: Calendar: Dark theme was incomplete on Linux
(bmo#1655543)
* fixed: Dark theme did not apply to new mail notification
popups (bmo#1681083)
* fixed: Folder icon, message list, and contact side bar visual
improvements (bmo#1679436)
* fixed: MailExtensions: HTTP refresh in browser content tabs
did not work (bmo#1667774)
* fixed: MailExtensions: messageDisplayScripts failed to run in
main window (bmo#1674932)
* fixed: Various security fixes
MFSA 2020-56 (bsc#1180039)
* CVE-2020-16042 (bmo#1679003)
Operations on a BigInt could have caused uninitialized memory
to be exposed
* CVE-2020-26971 (bmo#1663466)
Heap buffer overflow in WebGL
* CVE-2020-26973 (bmo#1680084)
CSS Sanitizer performed incorrect sanitization
* CVE-2020-26974 (bmo#1681022)
Incorrect cast of StyleGenericFlexBasis resulted in a heap
use-after-free
* CVE-2020-26978 (bmo#1677047)
Internal network hosts could have been probed by a malicious
webpage
* CVE-2020-35111 (bmo#1657916)
The proxy.onRequest API did not catch view-source URLs
* CVE-2020-35112 (bmo#1661365)
Opening an extension-less download may have inadvertently
launched an executable instead
* CVE-2020-35113 (bmo#1664831, bmo#1673589)
Memory safety bugs fixed in Thunderbird 78.6
* Wed Dec 02 2020 Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 78.5.1
* new: OpenPGP: Added option to disable email subject
encryption (bmo#1666073)
* changed: OpenPGP public key import now supports multi-file
selection and bulk accepting imported keys (bmo#1665145)
* changed: MailExtensions: getComposeDetails will wait for
"compose-editor-ready" event (bmo#1675012)
* fixed: New mail icon was not removed from the system tray at
shutdown (bmo#1664586)
* fixed: "Place replies in the folder of the message being
replied to" did not work when using "Reply to List"
(bmo#522450)
* fixed: Thunderbird did not honor the "Run search on server"
option when searching messages (bmo#546925)
* fixed: Highlight color for folders with unread messages
wasn't visible in dark theme (bmo#1676697)
* fixed: OpenPGP: Keys were missing from Key Manager
(bmo#1674521)
* fixed: OpenPGP: Option to import keys from clipboard always
disabled (bmo#1676842)
* fixed: The "Link" button on the large attachments info bar
failed to open up Filelink section in Options if the user had
not yet configured Filelink (bmo#1677647)
* fixed: Address book: Printing members of a mailing list
resulted in incorrect output (bmo#1676859)
* fixed: Unable to connect to LDAP servers configured with a
self-signed SSL certificate (bmo#1659947)
* fixed: Autoconfig via LDAP did not work as expected
(bmo#1662433)
* fixed: Calendar: Pressing Ctrl-Enter in the new event dialog
would create duplicate events (bmo#1668478)
* fixed: Various security fixes
MFSA 2020-53 (bsc#1179530)
* CVE-2020-26970 (bmo#1677338)
Stack overflow due to incorrect parsing of SMTP server
response codes
* Thu Nov 19 2020 Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 78.5.0
* new: OpenPGP: Added option to disable attaching the public
key to a signed message (bmo#1654950)
* new: MailExtensions: "compose_attachments" context added to
Menus API (bmo#1670822)
* new: MailExtensions: Menus API now available on displayed
messages (bmo#1670825)
* changed: MailExtensions: browser.tabs.create will now wait
for "mail-delayed-startup-finished" event (bmo#1674407)
* fixed: OpenPGP: Support for inline PGP messages improved
(bmo#1672851)
* fixed: OpenPGP: Message security dialog showed unverified
keys as unavailable (bmo#1675285)
* fixed: Chat: New chat contact menu item did not function
(bmo#1663321)
* fixed: Various theme and usability improvements (bmo#1673861)
* fixed: Various security fixes
MFSA 2020-52 (bsc#1178894)
* CVE-2020-26951 (bmo#1667113)
Parsing mismatches could confuse and bypass security
sanitizer for chrome privileged code
* CVE-2020-16012 (bmo#1642028)
Variable time processing of cross-origin images during
drawImage calls
* CVE-2020-26953 (bmo#1656741)
Fullscreen could be enabled without displaying the security UI
* CVE-2020-26956 (bmo#1666300)
XSS through paste (manual and clipboard API)
* CVE-2020-26958 (bmo#1669355)
Requests intercepted through ServiceWorkers lacked MIME type
restrictions
* CVE-2020-26959 (bmo#1669466)
Use-after-free in WebRequestService
* CVE-2020-26960 (bmo#1670358)
Potential use-after-free in uses of nsTArray
* CVE-2020-15999 (bmo#1672223)
Heap buffer overflow in freetype
* CVE-2020-26961 (bmo#1672528)
DoH did not filter IPv4 mapped IP Addresses
* CVE-2020-26965 (bmo#1661617)
Software keyboards may have remembered typed passwords
* CVE-2020-26966 (bmo#1663571)
Single-word search queries were also broadcast to local
network
* CVE-2020-26968 (bmo#1551615, bmo#1607762, bmo#1656697,
bmo#1657739, bmo#1660236, bmo#1667912, bmo#1671479,
bmo#1671923)
Memory safety bugs fixed in Thunderbird 78.5
* Mon Nov 16 2020 Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 78.4.3
* fixed: User interface was inconsistent when switching from
the default theme to the dark theme and back to the default
theme (bmo#1659282)
* fixed: Email subject would disappear when hovering over it
with the mouse when using Windows 7 Classic theme
(bmo#1675970)
* Tue Nov 10 2020 Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 78.4.2
MFSA 2020-49 (bsc#1178611)
* CVE-2020-26950 (bmo#1675905)
Write side effects in MCallGetProperty opcode not accounted
for
- Mozilla Thunderbird 78.4.1
* new: Thunderbird prompts for an address to use when starting
an email from an address book entry with multiple addresses
(bmo#84028)
* fixed: Searching global search results did not work
(bmo#1664761)
* fixed: Link location was not focused by default when adding a
hyperlink in message composer (bmo#1670660)
* fixed: Advanced address book search dialog was unusable
(bmo#1668147)
* fixed: Encrypted draft reply emails lost "Re:" prefix
(bmo#1661510)
* fixed: Replying to a newsgroup message did not open the
compose window (bmo#1672667)
* fixed: Unable to delete multiple newsgroup messages
(bmo#1657988)
* fixed: Appmenu displayed visual glitches (bmo#1636243)
* fixed: Visual glitches when selecting multiple messages in
the message pane and using Ctrl+click (bmo#1671800)
* fixed: Switching between dark and light mode could lead to
unreadable text on macOS (bmo#1668989)
* Thu Oct 22 2020 Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 78.4
* new: MailExtensions: browser.tabs.sendMessage API added
(bmo#1641576)
* new: MailExtensions: messageDisplayScripts API added
(bmo#1504475)
* changed: Yahoo and AOL mail users using password
authentication will be migrated to OAuth2 (bmo#1606339)
* changed: MailExtensions: messageDisplay APIs extended to
support multiple selected messages (bmo#1617461)
* changed: MailExtensions: compose.begin functions now support
creating a message with attachments (bmo#1662018)
* fixed: Thunderbird could freeze when updating global search
index (bmo#1669872)
* fixed: Multiple issues with handling of self-signed SSL
certificates addressed (bmo#1590474)
* fixed: Recipient address fields in compose window could
expand to fill all available space (bmo#1666463)
* fixed: Inserting emoji characters in message compose window
caused unexpected behavior (bmo#1638874)
* fixed: Button to restore default folder icon color was not
keyboard accessible (bmo#1663075)
* fixed: Various keyboard navigation fixes (bmo#1667567)
* fixed: Various color-related theme fixes (bmo#1668410)
* fixed: MailExtensions: Updating attachments with
onBeforeSend.addListener() did not work (bmo#1662015)
MFSA 2020-47 (bsc#1177977)
* CVE-2020-15969 (bmo#1666570,
https://github.com/sctplab/usrsctp/commit/ffed0925f27d404173c1e3e750d818f432d2c019)
Use-after-free in usersctp
* CVE-2020-15683 (bmo#1576843, bmo#1656987, bmo#1660954,
bmo#1662760, bmo#1663439, bmo#1666140)
Memory safety bugs fixed in Thunderbird 78.4
* Mon Oct 19 2020 Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 78.3.3
* OpenPGP: Improved support for encrypting with subkeys
(bmo#1665497)
* OpenPGP message status icons were not visible in
message header pane (bmo#1670067)
* OpenPGP Key Manager was missing from Tools menu on
macOS (bmo#1662279)
* Creating a new calendar event did not require an event
title (bmo#1663303)
* Wed Oct 14 2020 Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 78.3.2 (bsc#1176899)
* OpenPGP: Improved support for encrypting with subkeys
* OpenPGP: Encrypted messages with international characters were
sometimes displayed incorrectly
* Single-click deletion of recipient pills with middle mouse
button restored
* Searching an address book list did not display results
* Dark mode, high contrast, and Windows theming fixes
- Mozilla Thunderbird 78.3.1
* fix crash in nsImapProtocol::CreateNewLineFromSocket (bmo#1667120)
- Mozilla Thunderbird 78.3.0
MFSA 2020-44 (bsc#1176756)
* CVE-2020-15677 (bmo#1641487)
Download origin spoofing via redirect
* CVE-2020-15676 (bmo#1646140)
XSS when pasting attacker-controlled data into a
contenteditable element
* CVE-2020-15678 (bmo#1660211)
When recursing through layers while scrolling, an iterator
may have become invalid, resulting in a potential
use-after-free scenario
* CVE-2020-15673 (bmo#1648493, bmo#1660800)
Memory safety bugs fixed in Thunderbird 78.3
- requires NSPR >= 4.25.1
- removed obsolete thunderbird-bmo1664607.patch
- Mozilla Thunderbird 78.2.2
https://www.thunderbird.net/en-US/thunderbird/78.2.2/releasenotes
- added thunderbird-bmo1664607.patch required for builds w/o updater
(boo#1176384)
- Mozilla Thunderbird 78.2.1 (bsc#1174230)
* based on Mozilla's 78 ESR codebase
* many new and changed features
https://www.thunderbird.net/en-US/thunderbird/78.0/releasenotes/#whatsnew
* built-in OpenPGP support (enigmail neither required nor supported)
- added platform patches:
* mozilla-s390x-skia-gradient.patch
* mozilla-pipewire-0-3.patch
* mozilla-bmo1512162.patch
* mozilla-bmo1626236.patch
* mozilla-bmo998749.patch
* mozilla-sandbox-fips.patch
* thunderbird-remove-python2.patch
- removed obsolete platform patches
* mozilla-s390-bigendian.patch
* mozilla-nestegg-big-endian.patch
* mozilla-openaes-decl.patch
* mozilla-cubeb-noreturn.patch
* Mon Aug 31 2020 Charles Robertson <cgrobertson@suse.com>
- Mozilla Thunderbird 68.12
* fixed: Various security vulnerabilities
MFSA 2020-40 (bsc#1175686)
* CVE-2020-15663 (bmo#1643199)
Downgrade attack on the Mozilla Maintenance Service could
have resulted in escalation of privilege
* CVE-2020-15664 (bmo#1658214)
Attacker-induced prompt for extension installation
* CVE-2020-15669 (bmo#1656957)
Use-After-Free when aborting an operation
* Fri Jul 31 2020 Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 68.11
* fixed: FileLink attachments included as a link and file when
added from a network drive via drag & drop (bmo#793118)
* fixed: Various security fixes
MFSA 2020-35 (bsc#1174538)
* CVE-2020-15652 (bmo#1634872)
Potential leak of redirect targets when loading scripts in a
worker
* CVE-2020-6514 (bmo#1642792)
WebRTC data channel leaks internal address to peer
* CVE-2020-6463 (bmo#1635293)
Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture
* CVE-2020-15659 (bmo#1550133, bmo#1633880, bmo#1646787,
bmo#1650811)
Memory safety bugs fixed in Thunderbird 68.11
* Fri Jul 03 2020 Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 68.10.0
* fixed: Chat: Topics displayed some characters improperly
(bmo#1644024)
* fixed: Calendar: Filtering tasks did not work when
"Incomplete Tasks" was selected (bmo#1593711)
MFSA 2020-26 (bsc#1173576)
* CVE-2020-12417 (bmo#1640737)
Memory corruption due to missing sign-extension for ValueTags
on ARM64
* CVE-2020-12418 (bmo#1641303)
Information disclosure due to manipulated URL object
* CVE-2020-12419 (bmo#1643874)
Use-after-free in nsGlobalWindowInner
* CVE-2020-12420 (bmo#1643437)
Use-After-Free when trying to connect to a STUN server
* MFSA-2020-0001 (bmo#1606610)
Automatic account setup leaks Microsoft Exchange login
credentials
* CVE-2020-12421 (bmo#1308251)
Add-On updates did not respect the same certificate trust
rules as software updates
Version: 68.9.0-bp152.1.1
* Thu Jun 04 2020 Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 68.9.0
* fixed: Custom headers added for searching or filtering could
not be removed (bmo#1631577)
* fixed: Calendar: Today Pane updated prior to loading all data
(bmo#1635613)
* fixed: Stability improvements (bmo#1625677)
* fixed: Various security fixes
MFSA 2020-22 (bsc#1172402)
* CVE-2020-12405 (bmo#1631618)
Use-after-free in SharedWorkerService
* CVE-2020-12406 (bmo#1639590)
JavaScript Type confusion with NativeTypes
* CVE-2020-12410 (bmo#1619305, bmo#1632717)
Memory safety bugs fixed in Thunderbird 68.9.0
* CVE-2020-12398 (bmo#1613623)
Security downgrade with IMAP STARTTLS leads to information
leakage
* Mon May 25 2020 Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 68.8.1
* fixed: IMAP stability improvements (bmo#1586494)
* fixed: HTML tags in IRC topic changes were rendered
incorrectly (bmo#1607097)
* fixed: MailExtensions: Websockets could not be used
(bmo#1627649)
- Use a symbolic icon from branding internals
* Wed May 06 2020 Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 68.8.0
* fixed: Account Manager: text fields were too small in some
cases (bmo#1616387)
* fixed: Account Manager: Authentication method did not update
when selecting an SMTP server (bmo#1631437)
* fixed: Links with embedded credentials did not open on
Windows (bmo#1609451)
* fixed: Messages were sometimes sent with a badly formed
address when filled from the address book (bmo#1629842)
* fixed: Accessibility: Screen readers were reporting too many
activities from the status bar (bmo#1628891)
* fixed: MailExtensions: Setting IMAP messages as read with
browser.messages.updated failed to persist (bmo#1631184)
* fixed: Various security fixes
MFSA 2020-18 (bsc#1171186)
* CVE-2020-12397 (bmo#1617370)
Sender Email Address Spoofing using encoded Unicode
characters
* CVE-2020-12387 (bmo#1545345)
Use-after-free during worker shutdown
* CVE-2020-6831 (bmo#1632241)
Buffer overflow in SCTP chunk input validation
* CVE-2020-12392 (bmo#1614468)
Arbitrary local file access with 'Copy as cURL'
* CVE-2020-12393 (bmo#1615471)
Devtools' 'Copy as cURL' feature did not fully escape
website-controlled data, potentially leading to command
injection
* CVE-2020-12395 (bmo#1595886, bmo#1611482, bmo#1614704,
bmo#1624098, bmo#1625749, bmo#1626382, bmo#1628076,
bmo#1631508)
Memory safety bugs fixed in Thunderbird 68.8.0
* Tue Apr 14 2020 Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 68.7.0
* new: MailExtensions: Raw message source available to
MailExtensions (bmo#1525274)
* changed: MailExtensions: messages.update function extended to
mark messages as junk or not junk (bmo#1598332)
* changed: MailExtensions: browser.compose.begin functions no
longer expand mailing lists (bmo#1612480)
* fixed: Various improvements to account setup when connecting
to an Exchange server (bmo#1598861)
* fixed: Thread collapsed when opening news message in a new
window (bmo#1526765)
* fixed: Addons not automatically updated to compatible version
after upgrade from Thunderbird 60 (bmo#1574183)
* fixed: Updating addons did not prompt when requesting new
permissions (bmo#1620861)
* fixed: Extra recipients panel not keyboard-accessible
(bmo#1612717)
* fixed: Accessibility: Status bar was not detected by
screenreaders (bmo#1621287)
* fixed: MailExtensions: messages.query by folder name did not
require accountsRead permission (bmo#1625793)
* fixed: Calendar: Invitations with embedded null bytes did not
always decode correctly (bmo#1623896)
* fixed: Calendar: Cancelled events didn't show with a
line-through (bmo#1621210)
* fixed: Various security fixes
MFSA 2020-14 (bsc#1168874)
In general, these flaws cannot be exploited through email in
Thunderbird because scripting is disabled when reading mail, but
are potentially risks in browser or browser-like contexts.
* CVE-2020-6819 (bmo#1620818, bsc#1168630)
Use-after-free while running the nsDocShell destructor
* CVE-2020-6820 (bmo#1626728, bsc#1168630)
Use-after-free when handling a ReadableStream
* CVE-2020-6821 (bmo#1625404, bsc#1168874)
Uninitialized memory could be read when using the WebGL
copyTexSubImage method
* CVE-2020-6822 (bmo#1544181, bsc#1168874)
Out of bounds write in GMPDecodeData when processing large images
* CVE-2020-6825 (bmo#1572541, bmo#1620193, bmo#1620203, bsc#1168874)
Memory safety bugs fixed in Thunderbird 68.7.0
* Fri Mar 13 2020 Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 68.6
* new: Thunderbird now displays a popup window when starting up
on a new profile (bmo#1590036)
* changed: Thunderbird now provides partial updates resulting
in smaller downloads (bmo#1410512)
* fixed: Searching in message bodies led to false negatives
under some circumstances in quoted-printable encoded HTML
bodies (bmo#1614796)
* fixed: "Get New Messages for All Accounts" not working for
OAuth2-authenticated IMAP accounts (bmo#1593611)
* fixed: Various security fixes
MFSA 2020-10 (bsc#1166238)
* CVE-2020-6805 (bmo#1610880)
Use-after-free when removing data about origins
* CVE-2020-6806 (bmo#1612308)
BodyStream::OnInputStreamReady was missing protections
against state confusion
* CVE-2020-6807 (bmo#1614971)
Use-after-free in cubeb during stream destruction
* CVE-2020-6811 (bmo#1607742)
Devtools' 'Copy as cURL' feature did not fully escape
website-controlled data, potentially leading to command
injection
* CVE-2019-20503 (bmo#1613765)
Out of bounds reads in sctp_load_addresses_from_init
* CVE-2020-6812 (bmo#1616661)
The names of AirPods with personally identifiable information
were exposed to websites with camera or microphone permission
* CVE-2020-6814 (bmo#1592078, bmo#1604847, bmo#1608256,
bmo#1612636, bmo#1614339)
Memory safety bugs fixed in Thunderbird 68.6
* Thu Feb 13 2020 Charles Robertson <cgrobertson@suse.com>
- Mozilla Thunderbird 68.5
* new: Support for Client Identity IMAP/SMTP Service Extension
(bmo#1532388)
* new: Support for OAuth 2.0 authentication for POP3 accounts
(bmo#1538409)
* fixed: Status area goes blank during account setup
(bmo#1593122)
* fixed: Calendar: Could not remove color for default
categories (bmo#1584853)
* fixed: Calendar: Prevent calendar component loading multiple
times (bmo#1606375)
* fixed: Calendar: Today pane did not retain width between
sessions (bmo#1610207)
* fixed: Various security fixes
https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird68.5
* unresolved: When upgrading from Thunderbird version 60 to
version 68, add-ons are not automatically updated during the
upgrade process. They will however be updated during the
add-on update check. It is of course possible to reinstall
compatible add-ons via the Add-ons Manager or via
addons.thunderbird.net. (bmo#1574183)
MFSA 2020-07 (bsc#1163368)
* CVE-2020-6793 (bmo#1608539)
Out-of-bounds read when processing certain email messages
* CVE-2020-6794 (bmo#1606619)
Setting a master password post-Thunderbird 52 does not delete
unencrypted previously stored passwords
* CVE-2020-6795 (bmo#1611105)
Crash processing S/MIME messages with multiple signatures
* CVE-2020-6797 (bmo#1596668)
Extensions granted downloads.open permission could open
arbitrary applications on Mac OSX
* CVE-2020-6798 (bmo#1602944)
Incorrect parsing of template tag could result in JavaScript
injection
* CVE-2020-6792 (bmo#1609607)
Message ID calculation was based on uninitialized data
* CVE-2020-6800 (bmo#1595786, bmo#1596706, bmo#1598543,
bmo#1604851, bmo#1605777, bmo#1608580, bmo#1608785)
Memory safety bugs fixed in Thunderbird 68.5
* Mon Jan 27 2020 Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 68.4.2 (bsc#1162777)
* changed: Calendar: Task and Event tree colours adjusted for
the dark theme (bmo#1608344)
* fixed: Retrieval of S/MIME certificates from LDAP failed
(bmo#1604773)
* fixed: Address-parsing crash on some IMAP servers when
preference mail.imap.use_envelope_cmd was set (bmo#1609690)
* fixed: Incorrect forwarding of HTML messages caused SMTP
servers to respond with a timeout (bmo#1222046)
* fixed: Calendar: Various parts of the calendar UI stopped
working when a second Thunderbird window opened (bmo#1608407)
* Fri Jan 10 2020 Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 68.4.1
* changed: Various improvements when setting up an account for
a Microsoft Exchange server: Now offers IMAP/SMTP if
available, better detection for Office 365 accounts; re-run
configuration after password change. (bmo#1592258)
* fixed: Attachments with one or more spaces in their names
couldn't be opened under some circumstances (bmo#1601905)
* fixed: After changing view layout, the message display pane
showed garbled content under some circumstances (bmo#265393)
* fixed: Tags were lost on messages in shared IMAP folders
under some circumstances (bmo#1596371)
* fixed: Various theme changes to achieve "pixel perfection":
Unread icon, "no results" icon, paragraph format and font
selector, background of folder summary tooltip (bmo#1605612)
* fixed: Calendar: Event attendee dialog was not displayed
correctly (bmo#1604797)
* fixed: Various security fixes
MFSA 2020-04 (bsc#1160305, bsc#1160498)
* CVE-2019-17026 (bmo#1607443)
IonMonkey type confusion with StoreElementHole and
FallibleStoreElement
* CVE-2019-17015 (bmo#1599005)
Memory corruption in parent process during new content
process initialization on Windows
* CVE-2019-17016 (bmo#1599181)
Bypass of @namespace CSS sanitization during pasting
* CVE-2019-17017 (bmo#1603055)
Type Confusion in XPCVariant.cpp
* CVE-2019-17021 (bmo#1599008)
Heap address disclosure in parent process during content
process initialization on Windows
* CVE-2019-17022 (bmo#1602843)
CSS sanitization does not escape HTML tags
* CVE-2019-17024 (bmo#1507180, bmo#1595470, bmo#1598605,
bmo#1601826)
Memory safety bugs fixed in Thunderbird 68.4.1
- Removed patch that is now upstream: mozilla-bmo1511604.patch
- Added patch to fix broken URL-bar on s390x:
mozilla-bmo1602730.patch
* Tue Dec 17 2019 Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 68.3.1
* changed: In dark theme unread messages no longer shown in
blue to distinguish from tagged messages (bmo#1596702)
* changed: Account setup is now using client side DNS MX lookup
instead of relying on a server. (bmo#1349337)
* fixed: Searching LDAP address book crashed in some
circumstances (bmo#1601389)
* fixed: Message navigation with backward and forward buttons
did not work in some circumstances (bmo#533504)
* fixed: WebExtension toolbar icons were displayed too small
(bmo#1598955)
* fixed: Calendar: Tasks due today were not listed in bold
(bmo#1598885)
* fixed: Calendar: Last day of long-running events was not
shown (bmo#1572964)
* Wed Dec 04 2019 Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Firefox Thunderbird 68.3
* new: Message display toolbar action WebExtension API
(bmo#1531597)
* new: Navigation buttons are now available in content tabs,
for example those opened via an add-on search (bmo#787683)
* changed: "New email" icon in Windows systray changed from in-
tray with arrow to envelope (bmo#1594200)
* fixed: Icons of attachments in the attachment pane of the
Write window not always correct (bmo#1593280)
* fixed: Toolbar buttons of add-ons in the menubar not shown
after startup (bmo#1584160)
* fixed: LDAP lookup not working when SSL was enabled. LDAP
search not working when "All Address Books" was selected.
(bmo#1576364)
* fixed: Scam link confirmation panel not working (bmo#1596413)
* fixed: In Write window, the Link Properties dialog wasn't
showing named anchors in context menu (bmo#1593629)
* fixed: Calendar: Start-up failed if the application menu is
not on the calendar toolbars (bmo#1588516)
* fixed: Chat: Account reordering via drag-and-drop not working
on Instant messaging status dialog (Show Accounts)
(bmo#1591505)
MFSA 2019-37 (bsc#1158328)
* CVE-2019-17008 (bmo#1546331)
Use-after-free in worker destruction
* CVE-2019-13722 (bmo#1580156)
Stack corruption due to incorrect number of arguments in
WebRTC code
* CVE-2019-11745 (bmo#1586176)
Out of bounds write in NSS when encrypting with a block
cipher
* CVE-2019-17009 (bmo#1510494)
Updater temporary files accessible to unprivileged processes
* CVE-2019-17010 (bmo#1581084)
Use-after-free when performing device orientation checks
* CVE-2019-17005 (bmo#1584170)
Buffer overflow in plain text serializer
* CVE-2019-17011 (bmo#1591334)
Use-after-free when retrieving a document in antitracking
* CVE-2019-17012 (bmo#1449736, bmo#1533957, bmo#1560667,
bmo#1567209, bmo#1580288, bmo#1585760, bmo#1592502)
Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3
* Tue Nov 26 2019 Martin Sirringhaus <martin.sirringhaus@suse.com>
- Remove patch thunderbird-broken-locales-build.patch due to
switch to a different method for building locales
- Added patch mozilla-bmo849632.patch to fix some webgl-problems
on big endian machines (sync from FF)
* Mon Nov 04 2019 Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 68.2.1
* new: A language for the user interface can now be chosen in
the advanced settings (multilingual UI) (bmo#1590206)
* fixed: Problem with Google authentication (OAuth2)
(bmo#1592407)
* fixed: Selected or unread messages not shown in the correct
color in the thread pane (message list) under some
circumstances (bmo#1585765)
* fixed: When using a language pack, names of standard folders
weren't localized (bmo#1575512, boo#1149126)
* fixed: Address book default startup directory in preferences
panel not persisted (bmo#1591364)
* fixed: Various visual glitches: Conditions in filter editor
not high enough, folder location widget not showing folder
name, problem with menubar customization, add-on home page
links accumulating, theme issues on Windows 7 (bmo#1590666)
* fixed: Issues when upgrading from a 32bit version of
Thunderbird to a 64bit version. Note: If your profile is
still not recognised, select it by visiting about:profiles
in the Troubleshooting Information. (bmo#1587067)
* fixed: Chat: Extended context menu on Instant messaging
status dialog (Show Accounts) (bmo#1591506)
- added mozilla-bmo1504834-part4.patch to fix some visual issues
on big endian platforms
* Wed Oct 23 2019 Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 68.2
* new: Message Display WebExtension API
* new: Message Search WebExtension API
* Bugfixes
Better visual feedback for unread messages when using the
dark theme
Various issues when editing mailing lists
Integration with macOS addressbook and notifications not working
after introduction of notarization
Application windows not maintaining their size after restart
Issues when upgrading from a 32bit version of Thunderbird to a
64bit version.
* various security fixes
MFSA 2019-33/2019-35 (bsc#1154738)
* CVE-2019-15903 (bmo#1584907)
Heap overflow in expat library in XML_GetCurrentLineNumber
* CVE-2019-11757 (bmo#1577107)
Use-after-free when creating index updates in IndexedDB
* CVE-2019-11758 (bmo#1536227)
Potentially exploitable crash due to 360 Total Security
* CVE-2019-11759 (bmo#1577953)
Stack buffer overflow in HKDF output
* CVE-2019-11760 (bmo#1577719)
Stack buffer overflow in WebRTC networking
* CVE-2019-11761 (bmo#1561502)
Unintended access to a privileged JSONView object
* CVE-2019-11762 (bmo#1582857)
document.domain-based origin isolation has same-origin-
property violation
* CVE-2019-11763 (bmo#1584216)
Incorrect HTML parsing results in XSS bypass technique
* CVE-2019-11764 (bmo#1548044, bmo#1558522, bmo#1571223,
bmo#1573048, bmo#1575217, bmo#1577061, bmo#1578933,
bmo#1581950, bmo#1583463, bmo#1583684, bmo#1586599,
bmo#1586845)
Memory safety bugs fixed in Thunderbird 68.2
- removed upstream patches:
* mozilla-bmo1512162.patch
* mozilla-bmo1573381.patch
* mozilla-bmo1585099.patch
* Mon Oct 14 2019 Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 68.1.2 (bsc#1153879)
Bugfixes
* Some attachments couldn't be opened in messages originating from
MS Outlook 2016
* Address book import from CSV
* Performance problem in message body search
* Ctrl+Enter to send a message would open an attachment if the
attachment pane had focus
* Calendar: Issues with "Today Pane" start-up
* Calendar: Glitches with custom repeat and reminder number input
* Calendar: Problems with WCAP provider
- add mozilla-bmo1585099.patch to fix build with rust >= 1.38
- add mozilla-fix-top-level-asm.patch to fix LTO build (w/o PGO)
- updated translations-other locale list
- remove kde.js since disabling instantApply breaks extensions and
is obsolete with the move to HTML views for preferences (boo#1151186)
- Update create-tar.sh (bsc#1152778)
- Update mozilla-bmo1512162.patch to the patch now committed upstream
* No more -O1 builds for ppc64le necessary
- Deactivate currently useless crashreporter for the last remaining
arch
* Fri Sep 27 2019 Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 68.1.1
Bugfixes
* Issues with attachments in IMAP messages
* Gmail accounts ignored a non-standard trash folder selection
* Entering/pasting lists of recipients into the addressing widget or
mailing list not working reliably, especially when lists contained
multiple commas or semicolons
* Edit mailing list not working
* Various theme fixes, especially dark theme improvements for Calendar
* Contrast between tag label and background not optimal
* Account Central pane always loaded at start-up
* "Config Editor" button not removed if blocked by policy
* Calendar: Free/busy information in attendees dialog not scrolled
correctly. Note: Scroll arrows still not behaving correctly
MFSA 2019-32
* CVE-2019-11755 (bmo#1240290)
Spoofing a message author via a crafted S/MIME message
* Thu Sep 12 2019 Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Thunderbird 68.1.0
* Offer to configure Exchange accounts for Office365. A third-
party add-on is required for this account type.
IMAP still exists as alternative.
* Edit tag not working
* Write window: "Insert > Characters and Symbols" not working
* Moving/dragging messages from "Search Messages" result
dialog not working
* Command line -compose "attachment=" not working
* Custom views not working
* Issues with list of content types/actions for incoming attachments
* "Learn More" links in Error Console not working
* Visual glitches: Quick Filter Bar tag buttons too tall, missing
scroll bar on Connection Setting subdialog, LDAP server
selection after "New", "Edit" and "Delete"
* Calendar: Parts of CalDAV dialog not working
MFSA 2019-30
* CVE-2019-11739 (bmo#1571481, bsc#1150939)
Covert Content Attack on S/MIME encryption using a crafted
multipart/alternative message
* CVE-2019-11746 (bmo#1564449, bsc#1149297)
Use-after-free while manipulating video
* CVE-2019-11744 (bmo#1562033, bsc#1149304)
XSS by breaking out of title and textarea elements using
innerHTML
* CVE-2019-11742 (bmo#1559715, bsc#1149303)
Same-origin policy violation with SVG filters and canvas to
steal cross-origin images
* CVE-2019-11752 (bmo#1501152, bsc#1149296)
Use-after-free while extracting a key value in IndexedDB
* CVE-2019-11743 (bmo#1560495, bsc#1149298,
https://w3c.github.io/navigation-timing)
Cross-origin access to unload event attributes
* CVE-2019-11740 (bmo#1563133, bmo#1573160, bsc#1149299)
Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1,
Firefox ESR 60.9, Thunderbird 68.1, and Thunderbird 60.9
- Mozilla Thunderbird 68.0
* based on Firefox ESR 68
* File link attachments can now be linked to again instead of
uploading them again
* Mark all folders of an account as read
* Run filters periodically. Improved filter logging
* OAuth2 authentication for Yandex
* Language packs can now be selected in the Advanced Options.
Preference intl.multilingual.enabled needs to be set (and possibly
also extensions.langpacks.signatures.required needs to be set to false)
* Added a policy engine that allows customized Thunderbird deployments
in enterprise environments, using Windows Group Policy or a
cross-platform JSON file
* TCP keepalive for IMAP protocol
* Full Unicode support for MAPI interfaces: New support for MAPISendMailW
* Calendar: Time zone data can now include past and future changes.
All known time zone changes from 2018 to 2022 are included.
* Chat: In each conversation an individual spellcheck language can
be selected now
MFSA 2019-28
* CVE-2019-11711 (bmo#1552541)
Script injection within domain through inner window reuse
* CVE-2019-11712 (bmo#1543804)
Cross-origin POST requests can be made with NPAPI plugins by
following 308 redirects
* CVE-2019-11713 (bmo#1528481)
Use-after-free with HTTP/2 cached stream
* CVE-2019-11714 (bmo#1542593)
NeckoChild can trigger crash when accessed off of main thread
* CVE-2019-11729 (bmo#1515342)
Empty or malformed p256-ECDH public keys may trigger a
segmentation fault
* CVE-2019-11715 (bmo#1555523)
HTML parsing error can contribute to content XSS
* CVE-2019-11716 (bmo#1552632)
globalThis not enumerable until accessed
* CVE-2019-11717 (bmo#1548306)
Caret character improperly escaped in origins
* CVE-2019-11719 (bmo#1540541)
Out-of-bounds read when importing curve25519 private key
* CVE-2019-11720 (bmo#1556230)
Character encoding XSS vulnerability
* CVE-2019-11721 (bmo#1256009)
Domain spoofing through unicode latin 'kra' character
* CVE-2019-11730 (bmo#1558299)
Same-origin policy treats all files in a directory as having
the same-origin
* CVE-2019-11723 (bmo#1528335)
Cookie leakage during add-on fetching across private browsing
boundaries
* CVE-2019-11724 (bmo#1512511)
Retired site input.mozilla.org has remote troubleshooting
permissions
* CVE-2019-11725 (bmo#1483510)
Websocket resources bypass safebrowsing protections
* CVE-2019-11727 (bmo#1552208)
PKCS#1 v1.5 signatures can be used for TLS 1.3
* CVE-2019-11728 (bmo#1552993)
Port scanning through Alt-Svc header
* CVE-2019-11710 (bmo#1400563, bmo#1507696, bmo#1510345,
bmo#1533842, bmo#1535482, bmo#1535848, bmo#1537692,
bmo#1540590, bmo#1544180, bmo#1547472, bmo#1547760,
bmo#1548611, bmo#1549768, bmo#1551907)
Memory safety bugs fixed in Firefox 68 and Thunderbird 68
* CVE-2019-11709 (bmo#1515052, bmo#1533522, bmo#1539219,
bmo#1540759, bmo#1547266, bmo#1547757, bmo#1548822,
bmo#1550498, bmo#1550498)
Memory safety bugs fixed in Firefox 68, Firefox ESR 60.8, and
Thunderbird 68
- removed patches that are now upstream
* mozilla-bmo1375074.patch
* mozilla-i586-DecoderDoctorLogger.patch
* mozilla-i586-domPrefs.patch
* mozilla-bmo1464766.patch
* mozilla-bigendian_bit_flags_alias.patch
- added patch to make builds reproducible
* mozilla-bmo1568145.patch
- added a bunch of patches mainly for big endian platforms
* mozilla-bmo1504834-part1.patch
* mozilla-bmo1504834-part2.patch
* mozilla-bmo1504834-part3.patch
* mozilla-bmo1511604.patch
* mozilla-bmo1512162.patch
* mozilla-bmo1554971.patch
* mozilla-bmo1573381.patch
* mozilla-nestegg-big-endian.patch
* mozilla-ppc-altivec_static_inline.patch
- added patches to fix build on armv7:
* mozilla-bmo1463035.patch
* mozilla-disable-wasm-emulate-arm-unaligned-fp-access.patch
- added patch to fix non-return function
* mozilla-cubeb-noreturn.patch
- added patch to fix aarch64 build:
* mozilla-fix-aarch64-libopus.patch (bmo#1539737)
- added patch to reduce build-load
* mozilla-reduce-rust-debuginfo.patch
- added patch to fix locales-build
* thunderbird-broken-locales-build.patch
- added patch to fix implicit declarations
* mozilla-openaes-decl.patch
- added samba-patch from Firefox
* mozilla-ntlm-full-path.patch
* Fri Jul 12 2019 Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Firefox Thunderbird 60.8
MFSA 2019-23 (bsc#1140868)
* CVE-2019-9811 (bmo#1538007, bmo#1539598, bmo#1563327)
Sandbox escape via installation of malicious language pack
* CVE-2019-11711 (bmo#1552541)
Script injection within domain through inner window reuse
* CVE-2019-11712 (bmo#1543804)
Cross-origin POST requests can be made with NPAPI plugins by
following 308 redirects
* CVE-2019-11713 (bmo#1528481)
Use-after-free with HTTP/2 cached stream
* CVE-2019-11729 (bmo#1515342)
Empty or malformed p256-ECDH public keys may trigger a
segmentation fault
* CVE-2019-11715 (bmo#1555523)
HTML parsing error can contribute to content XSS
* CVE-2019-11717 (bmo#1548306)
Caret character improperly escaped in origins
* CVE-2019-11719 (bmo#1540541)
Out-of-bounds read when importing curve25519 private key
* CVE-2019-11730 (bmo#1558299)
Same-origin policy treats all files in a directory as having
the same-origin
* CVE-2019-11709 (bmo#1515052, bmo#1533522, bmo#1539219,
bmo#1540759, bmo#1547266, bmo#1547757, bmo#1548822,
bmo#1550498, bmo#1550498)
Memory safety bugs fixed in Firefox 68, Firefox ESR 60.8, and
Thunderbird 60.8
- Calendar: Problems when editing event times, some related to
AM/PM setting in non-English locales
* Fri Jun 21 2019 Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Firefox Thunderbird 60.7.2
MFSA 2019-20 (bsc#1138872)
* CVE-2019-11707 (bmo#1544386)
Type confusion in Array.pop
* CVE-2019-11708 (bmo#1559858)
sandbox escape using Prompt:Open
* Fri Jun 14 2019 Martin Sirringhaus <martin.sirringhaus@suse.com>
- Mozilla Firefox Thunderbird 60.7.1
MFSA 2019-17 (bsc#1137595)
* CVE-2019-11703 (bmo#1553820)
Heap buffer overflow in icalparser.c
* CVE-2019-11704 (bmo#1553814)
Heap buffer overflow in icalvalue.c
* CVE-2019-11705 (bmo#1553808)
Stack buffer overflow in icalrecur.c
* CVE-2019-11706 (bmo#1555646)
Type confusion in icalproperty.c
- No prompt for smartcard PIN when S/MIME signing is used
- Removed obsolete patches:
[thunderbird-bsc1137595.patch]
* Thu Jun 13 2019 Martin Sirringhaus <martin.sirringhaus@suse.com>
- Fix security vulnerabilities in Thunderbird 60.7 (bsc#1137595)
* CVE-2019-11706 (bmo#1555646)
* CVE-2019-11705 (bmo#1553808)
* CVE-2019-11704 (bmo#1553814)
* CVE-2019-11703 (bmo#1553820)
- Added patches:
[thunderbird-bsc1137595.patch]