Package Release Info

enigmail-2.0.9-24.1

Update Info: openSUSE-2019-994
Available in Package Hub : 12 GA-SP5

platforms

AArch64
ppc64le
s390x
x86-64

subpackages

enigmail

Change Logs

* Mon Dec 10 2018 astieger@suse.com
- enigmail 2.0.9, fixing one security issues:
  * An HTTP authentication dialog maye displayed during web key
    discovery, allowing remote attackers to possibly trick the user
    into entering e-mail credentials (bsc#1118935)
- other bugs fixed:
  * pEp - PGP/MIME signed-only messages are ignored
  * Autocrypt overrules manually created Per-Recipient Rules
  * "Re:" prefix on subject line disappears when editing encrypted,
    saved draft
Version: 1.9.8.3-2.1
* Wed Oct 04 2017 astieger@suse.com
- enigmail 1.9.8.3:
  * move calling of subprocess library to the end
* Tue Aug 22 2017 astieger@suse.com
- enigmail 1.9.8.2:
  * fixed wrong translation that break keygen dialog
  * make getting time format more robust
  * Add support for new type of broken exchange messages
* Sun Jul 09 2017 astieger@suse.com
- enigmail 1.9.8.1:
  * handle EINTR cases of child process terminations
* Wed Jul 05 2017 astieger@suse.com
- enigmail 1.9.8:
  * fix blocking in the mail sending process (boo#1047252)
* Mon May 15 2017 wr@rosenauer.org
- enigmail 1.9.7:
  * This version fixes a compatibility bug on Thunderbird 52 that
    makes keyserver up/downloads unusable
* Mon Nov 21 2016 astieger@suse.com
- enigmail 1.9.6.1:
  * fix locating of GnuPG executable (openSUSE not affected)
* Sun Nov 13 2016 astieger@suse.com
- enigmail 1.9.6:
  * Better detection is decrypted message is displayed
  * New variant of PGP/MIME messages broken by MS-Exchange
  * Make key importing more robust
* Mon Sep 05 2016 astieger@suse.com
- enigmail 1.9.5:
  * fix failure during GnuPG installation
  * Include AppData
  * Forwarding an encrypted message results in empty body
  * Fix parsing ofr last '=' in quoted-printable encoded
    encrypted/signed parts
  * fix regression in key selection for Per-Recipient-Rules
- license is MPL-2.0, include license text
* Wed Jul 13 2016 astieger@suse.com
- enigmail 1.9.4:
  * Improved compatibility with Send Later add-on
  * Various bugs fixed
* Wed Jun 08 2016 astieger@suse.com
- enigmail 1.9.3:
  * Fix Decrypt loop with S/MIME self-signed mails
  * Fix Manage UIDs throws errors if called from key properties dialog
  * Fix No error message if configured key not found on keyring
  * Fix Enigmail munges display of messages with S/MIME signature
  * Allow importing of expired keys
* Tue May 03 2016 astieger@suse.com
- enigmail 1.9.2:
  * Add support for Zimbra OpenPGP encrypted messages
  * Fix decrypt loop with S/MIME signed mails
  * Fix silently failing import of revocation certificate
  * Fix E-Mail saved as draft and reopened will show empty message
  * Fix multipart/signed mail without micalg parameter blank body
  * Fix display of changed key expiration date
* Thu Apr 07 2016 astieger@suse.com
- enigmail 1.9.1:
  * fix recignition of MS Exchange messages
  * fix slow PGP/MIME signature verification with attachments
  * fix freeze with large mail with signature
  * fix backup/restore UI
  * fix UI issues with German umlauts
* Mon Feb 29 2016 astieger@suse.com
- enigmail 1.9:
  * Added support for GnuPG 2.1
  * Backup and restore of keys and Enigmail settings
  * Messages are sent using PGP/MIME by default
  * Several new dialog windows that improve usability
  * Added support for protected headers (off by default)
  * There is no binary component anymore - this version runs on all
    platforms for which Thunderbird and GnuPG are available.
  * gpg2 2.0.7 or newer required
  * no longer run tests, a utility is not available
* Tue May 05 2015 astieger@suse.com
- enigmail 1.8.2, fixing the following bugs:
  * Punycode domain handling incorrect
  * Mail is not automatically encrypted anymore. Enigmail does not
    warn about unencrypted mail
  * Decrypted message, but "Error - decryption failed" or "Error -
    no matching private/secret key found to decrypt message"
  * Sign Button indicates wrong status on recipient rules
  * Decryption filter merges Received headers incorrectly
  * Questionmarks "???" in Enigmail menu and encrypting message
    only with senders key
  * Enigmail key management fails always fails to connect to
    keyservers when searching for keys
  * TB account hangs when filter for storing decrypted emails is
    applied to IMAP account
  * Deleting multiple keys in key manager fails
  * INV_RECP error message confuses new users
* Thu Mar 26 2015 astieger@suse.com
- enigmail 1.8.1:
  * Improved user interface for message composition
  * Simplified setup wizard
  * Possibility to permanently decrypt messages via filter rules
  * Improved support for PGP/MIME messages from GPGTools sent from
    MS Exchange Server
  * Many bugs fixed
  * last major version to support GnuPG 1.4.x
- packaging changes:
  * update upstream signing key
  * run unit tests during build
  * remove gpg-offline
  * run spec-cleaner
  * add upstream sourc URLs
* Fri Aug 29 2014 wr@rosenauer.org
- update to version 1.7.2 (bmo#893330)
  * bugfix release which contains several bugfixes including
    mail with only Bcc recipients sent in plain text
    (CVE-2014-5369)
* Sun Jul 20 2014 wr@rosenauer.org
- standalone enigmail 1.7 package previously built as part of
  MozillaThunderbird
  (since version 1.7 it's not required to build against Thunderbird
  sources anymore and compatibility to Thunderbird and SeaMonkey at
  the same time should be given)
Version: 1.9.9-6.1
* Wed Dec 20 2017 thardeck@suse.com
- enigmail 1.9.9, fixing multiple vulnerabilities (boo#1073858):
  * Enigmail could be coerced to use a malicious PGP public key
    with a corresponding secret key controlled by an attacker
  * Enigmail could have replayed encrypted content in partially
    encrypted e-mails, allowing a plaintext leak
  * Enigmail could be tricked into displaying incorrect signature
    verification results
  * Specially crafted content may cause denial of service
Version: 2.0.11-31.1
* Wed May 22 2019 andreas.stieger@gmx.de
- enigmail 2.0.11:
  * CVE-2019-12269: Specially crafted inline PGP messages could
    spoof a "correctly signed" message (boo#1135855)
* Fri Mar 29 2019 andreas.stieger@gmx.de
- enigmail 2.0.10:
  * various bug fixes for configuring and handling encrypted e-mail
  * UI fixes for dialogs, messages, and dark Thunderbird themes
Version: 2.0.12-34.1
* Thu Jul 11 2019 andreas.stieger@gmx.de
- enimail 2.0.12:
  * set the default keyserver to keys.openpgp.org in order to
    mitigate the SKS Keyserver Network Attack boo#1141025
Version: 2.0.4-9.1
* Wed May 16 2018 astieger@suse.com
- enigmail 2.0.4:
  * CVE-2017-17688: CFB gadget attacks allowed to exfiltrate
    plaintext out of encrypted emails. enigmail now fails on GnuPG
    integrit check warnings for old Algorithms (EFAIL, bsc#1093151)
  * CVE-2017-17689: CBC gadget attacks allows to exfiltrate
    plaintext out of encrypted emails (EFAIL), bsc#1093152)
* Wed May 09 2018 astieger@suse.com
- enigmail 2.0.3 addresses the following issues (bsc#1092581):
  Stability and functionality:
  * Thunderbird may at displaying a message with an encrypted e-mail
  * Crash from processing double encrypted PGP/MIME message
  * Specific UI interaction sequence may prevent editing OpenPGP
    settings
  * Filter might not not executed at Thunderbird startup for ne
    message
  * gpg not terminated correctly when canceling "Import Key"
  Encryption/Decryption:
  * Saving encrypted draft leaks subject (even if protected headers
    are used)
  * manual PGP/MIME sig verification not working
  * Autocrpyt "addr" address might not match "From" header
  * Viewing S/MIME signed email disables PGP signature checks
  * S/MIME signing/encryption defaults not applied correctly
  E-mail subject handling:
  * Double "Re:" prefix on replies
  * "Re:" prefix on subject line disappears when editing encrypted,
    saved draft
  * Encrypted Message" subject in reply messages
* Fri Apr 13 2018 astieger@suse.com
- enigmail 2.0.2, addressing more regressions in 2.0/2.0.1:
  * protected headers should not check for force-display part
  * Incorrectly displayed subject line in writing dialog when
    forwarding
  * Error in Preferences Dialog upon loading
  * Autocrypt messages were unreadable without Enigmail
* Tue Apr 03 2018 astieger@suse.com
- enigmail 2.0.1, addressing several issues found in 2.0:
  * S/MIME signing/encryption not working correctly, if Enigmail
    is not enabled for an account
  * Emails fail to decrypt if the sender address contains brackets
  * Autocrypt-headers may flip manually created per-recipient rules
  * The key manager does not load if no key on the keyring
* Mon Mar 26 2018 astieger@suse.com
- enigmail 2.0:
  * The Encryption and Signing buttons now work for both OpenPGP
    and S/MIME. Enigmail will chose between S/MIME or OpenPGP
    depending on whether the keys for all recipients are available
    for the respective standard.
  * Support for the Autocrypt standard, which is now enabled by
    default.
  * Support for Pretty Easy Privacy (p?p) is implemented in
    Enigmail.
  * Support for Web Key Directory (WKD) is implemented. Enigmail
    will try to download unavailable keys during message
    composition from WKD. GnuPG 2.2.x is used the provider
    supports the Web Key Service protocol, users can also use
    Enigmail to upload keys to WKD.
  * The message subject can now be encrypted and replaced with a
    dummy subject, following the Memory Hole standard for
    protected Email Headers.
  * The keys on the keyring are automatically refreshed from
    keyservers at an irregular interval.
  * Enigmail was turned into a "restartless" addon. That is, once
    Enigmail is installed, subsequent updates will be installed
    without needing to restart Thunderbird.
  * Keys are internally addressed using the fingerprint instead of
    the key ID.
- Use %license (boo#1082318)
Version: 2.0.5-12.1
* Tue May 22 2018 astieger@suse.com
- enigmail 2.0.5:
  * Improvements on previous fixes on CVE-2017-17688, bsc#1093151
    and CVE-2017-17689, bsc#1093152 (EFAIL):
  - do not decrypt MIME parts unnecessarily
  - improve Error Message for Missing MDC
Version: 2.0.6-15.1
* Sun May 27 2018 astieger@suse.com
- enigmail 2.0.6:
  * Replies to a partially encrypted message may have revealed
    protected information - no longer display PGP/MIME message
    part followed by unencrypted data (bsc#1094781)
  * Fix signature Spoofing via Inline-PGP in HTML Mails
  * Fix filter actions forgetting selected mail folder names
Version: 2.0.7-18.1
* Wed Jun 13 2018 astieger@suse.com
- enigmail 2.0.7:
  * CVE-2018-12020: Mitigation against GnuPG signature spoofing:
    Email signatures could be spoofed via an embedded "--filename"
    parameter in OpenPGP literal data packets. This update prevents
    this issue from being exploited if GnuPG was not updated
    (boo#1096745)
  * CVE-2018-12019: The signature verification routine interpreted
    User IDs as status/control messages and did not correctly keep
    track of the status of multiple signatures. This allowed remote
    attackers to spoof arbitrary email signatures via public keys
    containing crafted primary user ids (boo#1097525)
* Fri Jun 01 2018 astieger@suse.com
- enigmail 2.0.6.1:
  * fix compatibility issue with Thunderbird 60b7
  * disallow plaintext (literal packets) outside of encrpyted
    packets
Version: 2.0.8-21.1
* Sun Aug 05 2018 michael@stroeder.com
- enigmail 2.0.8:
  This release addresses a security issue and
  solves a few regression bugs.
  * a security issue has been fixed that allows an attacker to prepare
    a plain, unauthenticated HTML message in a way that it looks like
    it's signed and/or encrypted (boo#1104036)