File enigmail.changes of Package enigmail.7607
-------------------------------------------------------------------
Wed Jun 13 19:19:16 UTC 2018 - astieger@suse.com
- enigmail 2.0.7:
* CVE-2018-12020: Mitigation against GnuPG signature spoofing:
Email signatures could be spoofed via an embedded "--filename"
parameter in OpenPGP literal data packets. This update prevents
this issue from being exploited if GnuPG was not updated
(boo#1096745)
* CVE-2018-12019: The signature verification routine interpreted
User IDs as status/control messages and did not correctly keep
track of the status of multiple signatures. This allowed remote
attackers to spoof arbitrary email signatures via public keys
containing crafted primary user ids (boo#1097525)
-------------------------------------------------------------------
Fri Jun 1 08:04:05 UTC 2018 - astieger@suse.com
- enigmail 2.0.6.1:
* fix compatibility issue with Thunderbird 60b7
* disallow plaintext (literal packets) outside of encrpyted
packets
-------------------------------------------------------------------
Sun May 27 18:03:30 UTC 2018 - astieger@suse.com
- enigmail 2.0.6:
* Replies to a partially encrypted message may have revealed
protected information - no longer display PGP/MIME message
part followed by unencrypted data (bsc#1094781)
* Fix signature Spoofing via Inline-PGP in HTML Mails
* Fix filter actions forgetting selected mail folder names
-------------------------------------------------------------------
Tue May 22 06:01:27 UTC 2018 - astieger@suse.com
- enigmail 2.0.5:
* Improvements on previous fixes on CVE-2017-17688, bsc#1093151
and CVE-2017-17689, bsc#1093152 (EFAIL):
- do not decrypt MIME parts unnecessarily
- improve Error Message for Missing MDC
-------------------------------------------------------------------
Wed May 16 15:07:43 UTC 2018 - astieger@suse.com
- enigmail 2.0.4:
* CVE-2017-17688: CFB gadget attacks allowed to exfiltrate
plaintext out of encrypted emails. enigmail now fails on GnuPG
integrit check warnings for old Algorithms (EFAIL, bsc#1093151)
* CVE-2017-17689: CBC gadget attacks allows to exfiltrate
plaintext out of encrypted emails (EFAIL), bsc#1093152)
-------------------------------------------------------------------
Wed May 9 13:52:41 UTC 2018 - astieger@suse.com
- enigmail 2.0.3 addresses the following issues (bsc#1092581):
Stability and functionality:
* Thunderbird may at displaying a message with an encrypted e-mail
* Crash from processing double encrypted PGP/MIME message
* Specific UI interaction sequence may prevent editing OpenPGP
settings
* Filter might not not executed at Thunderbird startup for ne
message
* gpg not terminated correctly when canceling "Import Key"
Encryption/Decryption:
* Saving encrypted draft leaks subject (even if protected headers
are used)
* manual PGP/MIME sig verification not working
* Autocrpyt "addr" address might not match "From" header
* Viewing S/MIME signed email disables PGP signature checks
* S/MIME signing/encryption defaults not applied correctly
E-mail subject handling:
* Double "Re:" prefix on replies
* "Re:" prefix on subject line disappears when editing encrypted,
saved draft
* Encrypted Message" subject in reply messages
-------------------------------------------------------------------
Fri Apr 13 11:21:08 UTC 2018 - astieger@suse.com
- enigmail 2.0.2, addressing more regressions in 2.0/2.0.1:
* protected headers should not check for force-display part
* Incorrectly displayed subject line in writing dialog when
forwarding
* Error in Preferences Dialog upon loading
* Autocrypt messages were unreadable without Enigmail
-------------------------------------------------------------------
Tue Apr 3 16:28:50 UTC 2018 - astieger@suse.com
- enigmail 2.0.1, addressing several issues found in 2.0:
* S/MIME signing/encryption not working correctly, if Enigmail
is not enabled for an account
* Emails fail to decrypt if the sender address contains brackets
* Autocrypt-headers may flip manually created per-recipient rules
* The key manager does not load if no key on the keyring
-------------------------------------------------------------------
Mon Mar 26 08:22:06 UTC 2018 - astieger@suse.com
- enigmail 2.0:
* The Encryption and Signing buttons now work for both OpenPGP
and S/MIME. Enigmail will chose between S/MIME or OpenPGP
depending on whether the keys for all recipients are available
for the respective standard.
* Support for the Autocrypt standard, which is now enabled by
default.
* Support for Pretty Easy Privacy (p≡p) is implemented in
Enigmail.
* Support for Web Key Directory (WKD) is implemented. Enigmail
will try to download unavailable keys during message
composition from WKD. GnuPG 2.2.x is used the provider
supports the Web Key Service protocol, users can also use
Enigmail to upload keys to WKD.
* The message subject can now be encrypted and replaced with a
dummy subject, following the Memory Hole standard for
protected Email Headers.
* The keys on the keyring are automatically refreshed from
keyservers at an irregular interval.
* Enigmail was turned into a "restartless" addon. That is, once
Enigmail is installed, subsequent updates will be installed
without needing to restart Thunderbird.
* Keys are internally addressed using the fingerprint instead of
the key ID.
- Use %license (boo#1082318)
-------------------------------------------------------------------
Wed Dec 20 14:13:36 UTC 2017 - thardeck@suse.com
- enigmail 1.9.9, fixing multiple vulnerabilities (boo#1073858):
* Enigmail could be coerced to use a malicious PGP public key
with a corresponding secret key controlled by an attacker
* Enigmail could have replayed encrypted content in partially
encrypted e-mails, allowing a plaintext leak
* Enigmail could be tricked into displaying incorrect signature
verification results
* Specially crafted content may cause denial of service
-------------------------------------------------------------------
Wed Oct 4 14:57:28 UTC 2017 - astieger@suse.com
- enigmail 1.9.8.3:
* move calling of subprocess library to the end
-------------------------------------------------------------------
Tue Aug 22 10:46:32 UTC 2017 - astieger@suse.com
- enigmail 1.9.8.2:
* fixed wrong translation that break keygen dialog
* make getting time format more robust
* Add support for new type of broken exchange messages
-------------------------------------------------------------------
Sun Jul 9 14:43:40 UTC 2017 - astieger@suse.com
- enigmail 1.9.8.1:
* handle EINTR cases of child process terminations
-------------------------------------------------------------------
Wed Jul 5 06:29:32 UTC 2017 - astieger@suse.com
- enigmail 1.9.8:
* fix blocking in the mail sending process (boo#1047252)
-------------------------------------------------------------------
Mon May 15 16:47:41 UTC 2017 - wr@rosenauer.org
- enigmail 1.9.7:
* This version fixes a compatibility bug on Thunderbird 52 that
makes keyserver up/downloads unusable
-------------------------------------------------------------------
Mon Nov 21 12:52:48 UTC 2016 - astieger@suse.com
- enigmail 1.9.6.1:
* fix locating of GnuPG executable (openSUSE not affected)
-------------------------------------------------------------------
Sun Nov 13 12:02:26 UTC 2016 - astieger@suse.com
- enigmail 1.9.6:
* Better detection is decrypted message is displayed
* New variant of PGP/MIME messages broken by MS-Exchange
* Make key importing more robust
-------------------------------------------------------------------
Mon Sep 5 14:30:21 UTC 2016 - astieger@suse.com
- enigmail 1.9.5:
* fix failure during GnuPG installation
* Include AppData
* Forwarding an encrypted message results in empty body
* Fix parsing ofr last '=' in quoted-printable encoded
encrypted/signed parts
* fix regression in key selection for Per-Recipient-Rules
- license is MPL-2.0, include license text
-------------------------------------------------------------------
Wed Jul 13 13:14:13 UTC 2016 - astieger@suse.com
- enigmail 1.9.4:
* Improved compatibility with Send Later add-on
* Various bugs fixed
-------------------------------------------------------------------
Wed Jun 8 21:12:19 UTC 2016 - astieger@suse.com
- enigmail 1.9.3:
* Fix Decrypt loop with S/MIME self-signed mails
* Fix Manage UIDs throws errors if called from key properties dialog
* Fix No error message if configured key not found on keyring
* Fix Enigmail munges display of messages with S/MIME signature
* Allow importing of expired keys
-------------------------------------------------------------------
Tue May 3 08:08:26 UTC 2016 - astieger@suse.com
- enigmail 1.9.2:
* Add support for Zimbra OpenPGP encrypted messages
* Fix decrypt loop with S/MIME signed mails
* Fix silently failing import of revocation certificate
* Fix E-Mail saved as draft and reopened will show empty message
* Fix multipart/signed mail without micalg parameter blank body
* Fix display of changed key expiration date
-------------------------------------------------------------------
Thu Apr 7 18:21:06 UTC 2016 - astieger@suse.com
- enigmail 1.9.1:
* fix recignition of MS Exchange messages
* fix slow PGP/MIME signature verification with attachments
* fix freeze with large mail with signature
* fix backup/restore UI
* fix UI issues with German umlauts
-------------------------------------------------------------------
Mon Feb 29 15:12:52 UTC 2016 - astieger@suse.com
- enigmail 1.9:
* Added support for GnuPG 2.1
* Backup and restore of keys and Enigmail settings
* Messages are sent using PGP/MIME by default
* Several new dialog windows that improve usability
* Added support for protected headers (off by default)
* There is no binary component anymore - this version runs on all
platforms for which Thunderbird and GnuPG are available.
* gpg2 2.0.7 or newer required
* no longer run tests, a utility is not available
-------------------------------------------------------------------
Tue May 5 10:06:12 UTC 2015 - astieger@suse.com
- enigmail 1.8.2, fixing the following bugs:
* Punycode domain handling incorrect
* Mail is not automatically encrypted anymore. Enigmail does not
warn about unencrypted mail
* Decrypted message, but "Error - decryption failed" or "Error -
no matching private/secret key found to decrypt message"
* Sign Button indicates wrong status on recipient rules
* Decryption filter merges Received headers incorrectly
* Questionmarks "???" in Enigmail menu and encrypting message
only with senders key
* Enigmail key management fails always fails to connect to
keyservers when searching for keys
* TB account hangs when filter for storing decrypted emails is
applied to IMAP account
* Deleting multiple keys in key manager fails
* INV_RECP error message confuses new users
-------------------------------------------------------------------
Thu Mar 26 10:38:58 UTC 2015 - astieger@suse.com
- enigmail 1.8.1:
* Improved user interface for message composition
* Simplified setup wizard
* Possibility to permanently decrypt messages via filter rules
* Improved support for PGP/MIME messages from GPGTools sent from
MS Exchange Server
* Many bugs fixed
* last major version to support GnuPG 1.4.x
- packaging changes:
* update upstream signing key
* run unit tests during build
* remove gpg-offline
* run spec-cleaner
* add upstream sourc URLs
-------------------------------------------------------------------
Fri Aug 29 12:04:27 UTC 2014 - wr@rosenauer.org
- update to version 1.7.2 (bmo#893330)
* bugfix release which contains several bugfixes including
mail with only Bcc recipients sent in plain text
(CVE-2014-5369)
-------------------------------------------------------------------
Sun Jul 20 12:31:49 UTC 2014 - wr@rosenauer.org
- standalone enigmail 1.7 package previously built as part of
MozillaThunderbird
(since version 1.7 it's not required to build against Thunderbird
sources anymore and compatibility to Thunderbird and SeaMonkey at
the same time should be given)