- Mozilla Thunderbird 128.4.4
  * QR codes were not scannable by Android app when using most
    high-contrast themes
  * Primary password prompt cancellation during mobile export was
    confusing
- revert using xdg-desktop-portal as some desktops have limited
  support
  Fixes:
  * Folder corruption could cause Thunderbird to freeze and become unusable
  * Message corruption could be propagated when reading mbox
  * Folder compaction was not abandoned on shutdown
  * Folder compaction did not clean up on failure
  * Collapsed NNTP thread incorrectly indicated there were unread messages
  * Navigating to next unread message did not wait for all messages
    to be loaded
  * Applying column view to folder and children could break if folder
    error occurred
  * Remote content notifications were broken with encrypted messages
  * Updating criteria of a saved search resulted in poor search performance
  * Drop-downs may not work in some places

• Files Changed
• Browse Source

• Files Changed
• Browse Source

- remove kmozillahelper support (boo#1226112)
  * removed mozilla-kde.patch
  * requires xdg-desktop-portal instead

• Files Changed
• Browse Source

- Mozilla Thunderbird 128.4.3

• Files Changed
• Browse Source

- Mozilla Thunderbird 128.4.2
  * Increased the auto-compaction threshold to reduce the frequency
    of compaction (bmo#1927656)
  * fixed: New profile creation caused console errors (bmo#1912675)
  * fixed: Repair folder could result in older messages showing
    wrong date and time (bmo#1911916)
  * fixed: Recently deleted messages could become undeleted if
    message compaction failed (bmo#1924927)
  * fixed: Visual and UX improvements
    (bmo#1857413,bmo#1922934,bmo#1924437)
  * fixed: Clicking on an HTML button could cause Thunderbird to
    freeze (bmo#1879355)
  * fixed: Messages could not be selected for dragging
    (bmo#1887518)
  * fixed: Could not open attached file in a MIME encrypted
    message (bmo#1924637)
  * fixed: Account creation "Setup Documentation" link was broken
    (bmo#1925493)
  * fixed: Unable to generate QR codes when exporting to mobile
    in some cases (bmo#1928114)
  * fixed: Operating system reauthentication was missing when
    exporting QR codes for mobile (bmo#1928232)
  * fixed: Could not drag all-day events from one day to another
    in week view (bmo#1922944)
  * Add the 20 year donation appeal (bmo#192538)

• Files Changed
• Browse Source

- Mozilla Thunderbird 128.4.1

  * Export Thunderbird account settings to Thunderbird Mobile via QRCode
  Bugfixes:
  * Unable to send an unencrypted response to an OpenPGP encrypted message
  MFSA 2024-58 (bsc#1231879)
  * CVE-2024-10458 (bmo#1921733)
    Permission leak via embed or object elements
  * CVE-2024-10459 (bmo#1919087)
    Use-after-free in layout with accessibility
  * CVE-2024-10460 (bmo#1912537)
    Confusing display of origin for external protocol handler prompt
  * CVE-2024-10461 (bmo#1914521)
    XSS due to Content-Disposition being ignored in
    multipart/x-mixed-replace response
  * CVE-2024-10462 (bmo#1920423)
    Origin of permission prompt could be spoofed by long URL
  * CVE-2024-10463 (bmo#1920800)
    Cross origin video frame leak
  * CVE-2024-10464 (bmo#1913000)
    History interface could have been used to cause a Denial of
    Service condition in the browser
  * CVE-2024-10465 (bmo#1918853)
    Clipboard "paste" button persisted across tabs
  * CVE-2024-10466 (bmo#1924154)
    DOM push subscription message could hang Firefox
  * CVE-2024-10467 (bmo#1829029, bmo#1888538, bmo#1900394, bmo#1904059,
    bmo#1917742, bmo#1919809, bmo#1923706)
    Memory safety bugs fixed in Firefox 132, Thunderbird 132,
    Firefox ESR 128.4, and Thunderbird 128.4

• Files Changed
• Browse Source

- Mozilla Thunderbird 128.4.0

• Files Changed
• Browse Source

- Mozilla Thunderbird 128.3.3
  * Files left over from failed folder compactions could use up
    disk space (bmo#1878541)
  * Message list returned to selected message after action on
    another message (bmo#1917485)
  * Some faulty messages were downloaded and never stored
    (bmo#1923765)
  * Messages could become corrupted during folder compaction
    (bmo#1923747,bmo#1923541,bmo#1720047)
  * Searching events by Location, Description, or URL failed
    (bmo#1912710)
  * "Remove All Shown" saved passwords deleted all logins if
    filtered without results (bmo#601447)
  * Calendar event updates were not always sent to attendees
    (bmo#1877640)
  bugfix release:
  https://www.thunderbird.net/en-US/thunderbird/128.3.2esr/releasenotes
- bring back mozilla-bmo531915.patch to fix x86

• Files Changed
• Browse Source

- Mozilla Thunderbird 128.3.2

• Files Changed
• Browse Source

- bring back mozilla-bmo531915.patch to potentially fix x86
  https://www.thunderbird.net/en-US/thunderbird/128.0esr/releasenotes/
  and following release notes for minor version updates
  MFSA 2024-52  (bsc#1231413)
  Mozilla Thunderbird 128.3.0
  MFSA 2024-32 (128.0)
  MFSA 2024-37 (128.1)
  MFSA 2024-43 (128.2)
  MFSA 2024-49 (128.3) (bsc#1230979)
  * CVE-2024-9392 (bmo#1899154, bmo#1905843)
    Compromised content process can bypass site isolation
  * CVE-2024-9393 (bmo#1918301)
    Cross-origin access to PDF contents through multipart responses
  * CVE-2024-9394 (bmo#1918874)
    Cross-origin access to JSON contents through multipart responses
  * CVE-2024-8900 (bmo#1872841)
    Clipboard write permission bypass
  * CVE-2024-9396 (bmo#1912471)
    Potential memory corruption may occur when cloning certain objects
  * CVE-2024-9397 (bmo#1916659)
    Potential directory upload bypass via clickjacking
  * CVE-2024-9398 (bmo#1881037)
    External protocol handlers could be enumerated via popups
  * CVE-2024-9399 (bmo#1907726)
    Specially crafted WebTransport requests could lead to denial
    of service
  * CVE-2024-9400 (bmo#1915249)
    Potential memory corruption during JIT compilation
  * CVE-2024-9401 (bmo#1872744, bmo#1897792, bmo#1911317, bmo#1916476)
    Memory safety bugs fixed in Firefox 131, Firefox ESR 115.16,

• Files Changed
• Browse Source

- Mozilla Thunderbird 128.3.1
  MFSA 2024-  (bsc#1231413)
  * CVE-2024-9680 (bmo#1923344)
    Use-after-free in Animation timeline

• Files Changed
• Browse Source

• Files Changed
• Browse Source

• Files Changed
• Browse Source

- Mozilla Thunderbird 128.3.0

• Files Changed
• Browse Source

• Files Changed
• Browse Source

• Files Changed
• Browse Source

• Files Changed
• Browse Source

• Files Changed
• Browse Source

- Mozilla Thunderbird 128.2.3

- Mozilla Thunderbird 115.15.0
  MFSA 2024-44 (bsc#1229821)
  * CVE-2024-8381 (bmo#1912715)
    Type confusion when looking up a property name in a "with"
    block
  * CVE-2024-8382 (bmo#1906744)
    Internal event interfaces were exposed to web content when
    browser EventHandler listener callbacks ran
  * CVE-2024-8384 (bmo#1911288)
    Garbage collection could mis-color cross-compartment objects
    in OOM conditions

- Use gcc13 on Tumbleweed and where it is available.
- Don't use gcc14 as sources don't compile.

- Mozilla Thunderbird 115.14.0
  * When using an external installation of GnuPG, Thunderbird
    occassionally sent/received corrupted messages (bmo#1898832)
  * Users of external GnuPG were unable to decrypt incorrectly
    encoded messages (bmo#1906903)
  MFSA 2024-38 (bsc#1228648)
  * CVE-2024-7519 (bmo#1902307)
    Out of bounds memory access in graphics shared memory handling
  * CVE-2024-7521 (bmo#1904644)
    Incomplete WebAssembly exception handing
  * CVE-2024-7522 (bmo#1906727)
    Out of bounds read in editor component
  * CVE-2024-7525 (bmo#1909298)

• Files Changed
• Browse Source

  * CVE-2023-3417 (bmo#1835582)

• Files Changed
• Browse Source