- New ESR version.
- Security fixes
  + CVE-2024-3852 GetBoundName in the JIT returned the wrong object
  + CVE-2024-3854 Out-of-bounds-read after mis-optimized switch statement
  + CVE-2024-3857 Incorrect JITting of arguments led to use-after-free during garbage collection
  + CVE-2024-2609 Permission prompt input delay could expire when not in focus
  + CVE-2024-3859 Integer-overflow led to out-of-bounds-read in the OpenType sanitizer
  + CVE-2024-3861 Potential use-after-free due to AlignedBuffer self-move
  + CVE-2024-3863 Download Protections were bypassed by .xrm-ms files on Windows
  + CVE-2024-3302 Denial of Service using HTTP/2 CONTINUATION frames
  + CVE-2024-3864 Memory safety bug fixed in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10

- ! add path to bundle

- New ESR version.
- Security fixes
  + CVE-2024-0743 Crash in NSS TLS method
  + CVE-2024-2605 Windows Error Reporter could be used as a Sandbox escape vector
  + CVE-2024-2607 JIT code failed to save return registers on Armv7-A
  + CVE-2024-2608 Integer overflow could have led to out of bounds write
  + CVE-2024-2616 Improve handling of out-of-memory conditions in ICU
  + CVE-2023-5388 NSS susceptible to timing attack against RSA decryption
  + CVE-2024-2610 Improper handling of html and body tags enabled CSP nonce leakage
  + CVE-2024-2611 Clickjacking vulnerability could have led to a user accidentally granting permissions
  + CVE-2024-2612 Self referencing object could have potentially led to a use-after-free
  + CVE-2024-2614 Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9
  + CVE-2024-29944 Privileged JavaScript Execution via Event Handlers

- New version.
- Security fixes:
  + CVE-2024-0743 Crash in NSS TLS method
  + CVE-2024-2605 Windows Error Reporter could be used as a Sandbox escape vector
  + CVE-2024-2607 JIT code failed to save return registers on Armv7-A
  + CVE-2024-2608 Integer overflow could have led to out of bounds write
  + CVE-2024-2616 Improve handling of out-of-memory conditions in ICU
  + CVE-2023-5388 NSS susceptible to timing attack against RSA decryption
  + CVE-2024-2610 Improper handling of html and body tags enabled CSP nonce leakage
  + CVE-2024-2611 Clickjacking vulnerability could have led to a user accidentally granting permissions
  + CVE-2024-2612 Self referencing object could have potentially led to a use-after-free
  + CVE-2024-2614 Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9

- New version.
- Security fixes:
  + CVE-2024-1936 Leaking of encrypted email subjects to other conversations

- update new release 3.0.9 (Closed: #49562)

- New ESR version.
- Security fixes
  + CVE-2024-1546 Out-of-bounds memory read in networking channels
  + CVE-2024-1547 Alert dialog could have been spoofed on another site
  + CVE-2024-1548 Fullscreen Notification could have been hidden by select element
  + CVE-2024-1549 Custom cursor could obscure the permission dialog
  + CVE-2024-1550 Mouse cursor re-positioned unexpectedly could have led to unintended permission grants
  + CVE-2024-1551 Multipart HTTP Responses would accept the Set-Cookie header in response parts
  + CVE-2024-1552 Incorrect code generation on 32-bit ARM devices
  + CVE-2024-1553 Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8

- New ESR version.
- Security fixes
  + CVE-2024-0741 Out of bounds write in ANGLE
  + CVE-2024-0742 Failure to update user input timestamp
  + CVE-2024-0746 Crash when listing printers on Linux
  + CVE-2024-0747 Bypass of Content Security Policy when directive unsafe-inline was set
  + CVE-2024-0749 Phishing site popup could show local origin in address bar
  + CVE-2024-0750 Potential permissions request bypass via clickjacking
  + CVE-2024-0751 Privilege escalation through devtools
  + CVE-2024-0753 HSTS policy on subdomain could bypass policy of upper domain
  + CVE-2024-0755 Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7

- New ESR version.
- Security fixes
  + CVE-2023-6856 Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver
  + CVE-2023-6865 Potential exposure of uninitialized data in EncryptingOutputStream
  + CVE-2023-6857 Symlinks may resolve to smaller than expected buffers
  + CVE-2023-6858 Heap buffer overflow in nsTextFragment
  + CVE-2023-6859 Use-after-free in PR_GetIdentitiesLayer
  + CVE-2023-6860 Potential sandbox escape due to VideoBridge lack of texture validation
  + CVE-2023-6867 Clickjacking permission prompts using the popup transition
  + CVE-2023-6861 Heap buffer overflow affected nsWindow::PickerOpen(void) in headless mode
  + CVE-2023-6862 Use-after-free in nsDNSService
  + CVE-2023-6863 Undefined behavior in ShutdownObserver()
  + CVE-2023-6864 Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6

- 3.1

- Fix version (ALT #48545)

- New ESR version.
- Security fixes
  + CVE-2023-5721 Queued up rendering could have allowed websites to clickjack
  + CVE-2023-5732 Address bar spoofing via bidirectional characters
  + CVE-2023-5724 Large WebGL draw could have led to a crash
  + CVE-2023-5725 WebExtensions could open arbitrary URLs
  + CVE-2023-5726 Full screen notification obscured by file open dialog on macOS
  + CVE-2023-5727 Download Protections were bypassed by .msix, .msixbundle, .appx, and .appxbundle files on Windows
  + CVE-2023-5728 Improper object tracking during GC in the JavaScript engine could have led to a crash.
  + CVE-2023-5730 Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4.1

- New version (Closes: #47908)

- ExcludeArch: i386 i486 i586 i686 i786 i886 i986 pentium2 pentium3 pentium4 k6 athlon athlon_xp ppc64le

- ExcludeArch: i386 i486 i586 i686 i786 i886 i986 pentium2 pentium3 pentium4 k6 athlon athlon_xp ppc64le

- ExcludeArch: i386 i486 i586 i686 i786 i886 i986 pentium2 pentium3 pentium4 k6 athlon athlon_xp ppc64le

- Fix check dependencies error for GLIBC_PRIVATE

- New version (3.92).
- Certificate Authority Changes:
  + Add CN=Atos TrustedRoot Root CA ECC G2 2020
  + Add CN=Atos TrustedRoot Root CA RSA G2 2020
  + Add CN=LAWtrust Root CA2 (4096)
  + Add CN=SSL.com Client ECC Root CA 2022
  + Add CN=SSL.com Client RSA Root CA 2022
  + Add CN=SSL.com TLS ECC Root CA 2022
  + Add CN=SSL.com TLS RSA Root CA 2022
  + Add CN=Sectigo Public Email Protection Root E46
  + Add CN=Sectigo Public Email Protection Root R46
  + Add CN=Sectigo Public Server Authentication Root E46
  + Add CN=Sectigo Public Server Authentication Root R46
  + Remove CN=Chambers of Commerce Root,OU=http://www.chambersign.org
  + Remove CN=E-Tugra Certification Authority,OU=E-Tugra Sertifikasyon Merkezi
  + Remove CN=E-Tugra Global Root CA ECC v3,OU=E-Tugra Trust Center
  + Remove CN=E-Tugra Global Root CA RSA v3,OU=E-Tugra Trust Center
  + Remove CN=Hongkong Post Root CA 1

- Fixes: Unstable name collisions
         Build failure with GCC 13

- New ESR version.
- Security fixes
  + CVE-2023-34414 Click-jacking certificate exceptions through rendering lag
  + CVE-2023-34416 Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12

- Fix removing depricated i810 definations

- New version.
- Security fixes:
  + CVE-2023-32205 Browser prompts could have been obscured by popups
  + CVE-2023-32206 Crash in RLBox Expat driver
  + CVE-2023-32207 Potential permissions request bypass via clickjacking
  + CVE-2023-32211 Content process crash due to invalid wasm code
  + CVE-2023-32212 Potential spoof due to obscured address bar
  + CVE-2023-32213 Potential memory corruption in FileReader::DoReadData()
  + CVE-2023-32214 Potential DoS via exposed protocol handlers
  + CVE-2023-32215 Memory safety bugs fixed in Thunderbird 102.11

- New ESR version.
- Security fixes
  + CVE-2023-32205 Browser prompts could have been obscured by popups
  + CVE-2023-32206 Crash in RLBox Expat driver
  + CVE-2023-32207 Potential permissions request bypass via clickjacking
  + CVE-2023-32211 Content process crash due to invalid wasm code
  + CVE-2023-32212 Potential spoof due to obscured address bar
  + CVE-2023-32213 Potential memory corruption in FileReader::DoReadData()
  + CVE-2023-32214 Potential DoS via exposed protocol handlers
  + CVE-2023-32215 Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11

- New ESR version.
- Security fixes
  + CVE-2023-29531 Out-of-bound memory access in WebGL on macOS
  + CVE-2023-29532 Mozilla Maintenance Service Write-lock bypass
  + CVE-2023-29533 Fullscreen notification obscured
  + CVE-2023-1999 Double-free in libwebp
  + CVE-2023-29535 Potential Memory Corruption following Garbage Collector compaction
  + CVE-2023-29536 Invalid free from JavaScript code
  + CVE-2023-29539 Content-Disposition filename truncation leads to Reflected File Download
  + CVE-2023-29541 Files with malicious extensions could have been downloaded unsafely on Linux
  + CVE-2023-29542 Bypass of file download extension restrictions
  + CVE-2023-29545 Windows Save As dialog resolved environment variables
  + CVE-2023-1945 Memory Corruption in Safe Browsing Code
  + CVE-2023-29548 Incorrect optimization result on ARM64
  + CVE-2023-29550 Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.10

- New version.
- Security fixes:
  + CVE-2023-29531 Out-of-bound memory access in WebGL on macOS
  + CVE-2023-29532 Mozilla Maintenance Service Write-lock bypass
  + CVE-2023-29533 Fullscreen notification obscured
  + CVE-2023-1999 Double-free in libwebp
  + CVE-2023-29535 Potential Memory Corruption following Garbage Collector compaction
  + CVE-2023-29536 Invalid free from JavaScript code
  + CVE-2023-0547 Revocation status of S/Mime recipient certificates was not checked
  + CVE-2023-29479 Hang when processing certain OpenPGP messages
  + CVE-2023-29539 Content-Disposition filename truncation leads to Reflected File Download
  + CVE-2023-29541 Files with malicious extensions could have been downloaded unsafely on Linux
  + CVE-2023-29542 Bypass of file download extension restrictions
  + CVE-2023-29545 Windows Save As dialog resolved environment variables
  + CVE-2023-1945 Memory Corruption in Safe Browsing Code
  + CVE-2023-29548 Incorrect optimization result on ARM64
  + CVE-2023-29550 Memory safety bugs fixed in Thunderbird 102.10

- New ESR version.
- Security fixes
  + CVE-2023-25751 Incorrect code generation during JIT compilation
  + CVE-2023-28164 URL being dragged from a removed cross-origin iframe into the same tab triggered navigation
  + CVE-2023-28162 Invalid downcast in Worklets
  + CVE-2023-25752 Potential out-of-bounds when accessing throttled streams
  + CVE-2023-28163 Windows Save As dialog resolved environment variables
  + CVE-2023-28176 Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9

- New version.
- Security fixes:
  + CVE-2023-25751 Incorrect code generation during JIT compilation
  + CVE-2023-28164 URL being dragged from a removed cross-origin iframe into the same tab triggered navigation
  + CVE-2023-28162 Invalid downcast in Worklets
  + CVE-2023-25752 Potential out-of-bounds when accessing throttled streams
  + CVE-2023-28163 Windows Save As dialog resolved environment variables
  + CVE-2023-28176 Memory safety bugs fixed in Thunderbird 102.9

- New ESR version.
- Security fixes
  + CVE-2023-25728 Content security policy leak in violation reports using iframes
  + CVE-2023-25730 Screen hijack via browser fullscreen mode
  + CVE-2023-0767 Arbitrary memory write via PKCS 12 in NSS
  + CVE-2023-25735 Potential use-after-free from compartment mismatch in SpiderMonkey
  + CVE-2023-25737 Invalid downcast in SVGUtils::SetupStrokeGeometry
  + CVE-2023-25738 Printing on Windows could potentially crash Firefox with some device drivers
  + CVE-2023-25739 Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext
  + CVE-2023-25729 Extensions could have opened external schemes without user knowledge
  + CVE-2023-25732 Out of bounds memory write from EncodeInputStream
  + CVE-2023-25734 Opening local .url files could cause unexpected network loads
  + CVE-2023-25742 Web Crypto ImportKey crashes tab
  + CVE-2023-25744 Memory safety bugs fixed in Firefox 110 and Firefox ESR 102.8
  + CVE-2023-25746 Memory safety bugs fixed in Firefox ESR 102.8

- New version.
- Security fixes:
  + CVE-2023-0616 User Interface lockup with messages combining S/MIME and OpenPGP
  + CVE-2023-25728 Content security policy leak in violation reports using iframes
  + CVE-2023-25730 Screen hijack via browser fullscreen mode
  + CVE-2023-0767 Arbitrary memory write via PKCS 12 in NSS
  + CVE-2023-25735 Potential use-after-free from compartment mismatch in SpiderMonkey
  + CVE-2023-25737 Invalid downcast in SVGUtils::SetupStrokeGeometry
  + CVE-2023-25738 Printing on Windows could potentially crash Thunderbird with some device drivers
  + CVE-2023-25739 Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext
  + CVE-2023-25729 Extensions could have opened external schemes without user knowledge
  + CVE-2023-25732 Out of bounds memory write from EncodeInputStream
  + CVE-2023-25734 Opening local .url files could cause unexpected network loads
  + CVE-2023-25742 Web Crypto ImportKey crashes tab
  + CVE-2023-25746 Memory safety bugs fixed in Thunderbird 102.8

- New ESR version.
- Security fixes
  + CVE-2022-46871 libusrsctp library out of date
  + CVE-2023-23598 Arbitrary file read from GTK drag and drop on Linux
  + CVE-2023-23599 Malicious command could be hidden in devtools output on Windows
  + CVE-2023-23601 URL being dragged from cross-origin iframe into same tab triggers navigation
  + CVE-2023-23602 Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers
  + CVE-2022-46877 Fullscreen notification bypass
  + CVE-2023-23603 Calls to <code>console.log</code> allowed bypasing Content Security Policy via format directive
  + CVE-2023-23605 Memory safety bugs fixed in Firefox 109 and Firefox ESR 102.7

- New version.
- Security fixes:
  + CVE-2023-0430 Revocation status of S/Mime signature certificates was not checked

- New version.
- Security fixes:
  + CVE-2022-46871 libusrsctp library out of date
  + CVE-2023-23598 Arbitrary file read from GTK drag and drop on Linux
  + CVE-2023-23599 Malicious command could be hidden in devtools output on Windows
  + CVE-2023-23601 URL being dragged from cross-origin iframe into same tab triggers navigation
  + CVE-2023-23602 Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers
  + CVE-2022-46877 Fullscreen notification bypass
  + CVE-2023-23603 Calls to <code>console.log</code> allowed bypasing Content Security Policy via format directive
  + CVE-2023-23605 Memory safety bugs fixed in Thunderbird 102.7

- Update from upstream
- Fix missed header file
- Update source url(Closes: #40516)

- New version.
- Security fixes:
  + CVE-2022-46874 Drag and Dropped Filenames could have been truncated to malicious extensions

- New version.
- Security fixes:
  + CVE-2022-46880 Use-after-free in WebGL
  + CVE-2022-46872 Arbitrary file read from a compromised content process
  + CVE-2022-46881 Memory corruption in WebGL
  + CVE-2022-46874 Drag and Dropped Filenames could have been truncated to malicious extensions
  + CVE-2022-46875 Download Protections were bypassed by .atloc and .ftploc files on Mac OS
  + CVE-2022-46882 Use-after-free in WebGL
  + CVE-2022-46878 Memory safety bugs fixed in Thunderbird 102.6

- New ESR version.
- Security fixes
  + CVE-2022-46880 Use-after-free in WebGL
  + CVE-2022-46872 Arbitrary file read from a compromised content process
  + CVE-2022-46881 Memory corruption in WebGL
  + CVE-2022-46874 Drag and Dropped Filenames could have been truncated to malicious extensions
  + CVE-2022-46875 Download Protections were bypassed by .atloc and .ftploc files on Mac OS
  + CVE-2022-46882 Use-after-free in WebGL
  + CVE-2022-46878 Memory safety bugs fixed in Firefox 108 and Firefox ESR 102.6

- Build with llvm-version 12 instead llvm-version 13 (Closes: #44436)

- New version.
- Security fixes:
  + CVE-2022-45414 Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration

- New version.
- Security fixes:
  + CVE-2022-45403 Service Workers might have learned size of cross-origin media files
  + CVE-2022-45404 Fullscreen notification bypass
  + CVE-2022-45405 Use-after-free in InputStream implementation
  + CVE-2022-45406 Use-after-free of a JavaScript Realm
  + CVE-2022-45408 Fullscreen notification bypass via windowName
  + CVE-2022-45409 Use-after-free in Garbage Collection
  + CVE-2022-45410 ServiceWorker-intercepted requests bypassed SameSite cookie policy
  + CVE-2022-45411 Cross-Site Tracing was possible via non-standard override headers
  + CVE-2022-45412 Symlinks may resolve to partially uninitialized buffers
  + CVE-2022-45416 Keystroke Side-Channel Leakage
  + CVE-2022-45418 Custom mouse cursor could have been drawn over browser UI
  + CVE-2022-45420 Iframe contents could be rendered outside the iframe
  + CVE-2022-45421 Memory safety bugs fixed in Thunderbird 102.5

- Enabled build with nss

- Merge with 91.10.0-alt1

- Defined preview nss version

- New version.
- Security fixes:
  + CVE-2022-1802 Prototype pollution in Top-Level Await implementation
  + CVE-2022-1529 Untrusted input used in JavaScript object indexing, leading to prototype pollution

- Enable build with nss.

- New version.
- Security fixes:
  + CVE-2022-26383 Browser window spoof using fullscreen mode
  + CVE-2022-26384 iframe allow-scripts sandbox bypass
  + CVE-2022-26387 Time-of-check time-of-use bug when verifying add-on signatures
  + CVE-2022-26381 Use-after-free in text reflows
  + CVE-2022-26386 Temporary files downloaded to /tmp and accessible by other local users

- New ESR version.
- Security fixes: 
  + CVE-2022-26383 Browser window spoof using fullscreen mode
  + CVE-2022-26384 iframe allow-scripts sandbox bypass
  + CVE-2022-26387 Time-of-check time-of-use bug when verifying add-on signatures
  + CVE-2022-26381 Use-after-free in text reflows
  + CVE-2022-26386 Temporary files downloaded to /tmp and accessible by other local users

- New version.
- Security fixes:
  + CVE-2022-26485 Use-after-free in XSLT parameter processing
  + CVE-2022-26486 Use-after-free in WebGPU IPC Framework

- New ESR version.
- Security fixes:
  + CVE-2022-26485 Use-after-free in XSLT parameter processing
  + CVE-2022-26486 Use-after-free in WebGPU IPC Framework

- New version.
- Security fixes:
  + CVE-2022-22753 Privilege Escalation to SYSTEM on Windows via Maintenance Service
  + CVE-2022-22754 Extensions could have bypassed permission confirmation during update
  + CVE-2022-22756 Drag and dropping an image could have resulted in the dropped object being an executable
  + CVE-2022-22759 Sandboxed iframes could have executed script if the parent appended elements
  + CVE-2022-22760 Cross-Origin responses could be distinguished between script and non-script content-types
  + CVE-2022-22761 frame-ancestors Content Security Policy directive was not enforced for framed extension pages
  + CVE-2022-22763 Script Execution during invalid object state
  + CVE-2022-22764 Memory safety bugs fixed in Thunderbird 91.6

- New ESR version.
- Security fixes:
  + CVE-2022-22753 Privilege Escalation to SYSTEM on Windows via Maintenance Service
  + CVE-2022-22754 Extensions could have bypassed permission confirmation during update
  + CVE-2022-22756 Drag and dropping an image could have resulted in the dropped object being an executable
  + CVE-2022-22759 Sandboxed iframes could have executed script if the parent appended elements
  + CVE-2022-22760 Cross-Origin responses could be distinguished between script and non-script content-types
  + CVE-2022-22761 frame-ancestors Content Security Policy directive was not enforced for framed extension pages
  + CVE-2022-22763 Script Execution during invalid object state
  + CVE-2022-22764 Memory safety bugs fixed in Firefox 97 and Firefox ESR 91.6

- New ESR version.

- New version.

- remove undefined option
- set replace versions for rake and rspec

- Build for Sisyphus (closes #41170)

- Fixes command line arguments parsing (#40643)