Path to this page:
Subject: CVS commit: pkgsrc/mail/thunderbird-enigmail
From: Thomas Klausner
Date: 2019-02-13 22:59:31
Message id: 20190213215931.C2AE9FB16@cvs.NetBSD.org
Log Message:
thunderbird-enigmail: update to 2.0.9.
Enigmail 2.0.9
Released 2018-10-09, works with Thunderbird 60.0.
Notable Changes
This release addresses a security issue and solves a few regression bugs.
Bugs fixed:
Check the full list of fixed defects.
Enigmail 2.0.8
Released 2018-08-04, works with Thunderbird 52.0 - 60.0 and SeaMonkey 2.46 - 2.55.
Notable Changes
This release addresses a security issue and solves a few regression bugs.
Bugs fixed:
A security issue has been fixed that allows an attacker to prepare a plain, \
unauthenticated HTML message in a way that it looks like it's signed and/or \
encrypted.
Check the full list of fixed defects.
Enigmail 2.0.7
Released 2018-06-13, works with Thunderbird 52.0 - 60.0 and SeaMonkey 2.46 - 2.55.
Notable Changes
This release addresses several critical security bugs.
Bugs fixed:
Spoofing of Email signatures I (CVE-2018-12020): GnuPG 2.2.8 fixed a \
security bug that allows remote attackers to spoof arbitrary email signatures \
via the embedded "--filename" parameter in OpenPGP literal data \
packets. This release of Enigmail prevents the exploit for all versions of \
GnuPG, i.e. also if GnuPG is not updated.
Spoofing of Email signatures II (CVE-2018-12019): The signature verification \
routine in Enigmail interpreted User IDs as status/control messages and did not \
correctly keep track of the status of multiple signatures. This allowed remote \
attackers to spoof arbitrary email signatures via public keys containing crafted \
primary user ids.
Mozilla crash bug 1423895: if Enigmail is installed on Thunderbird 60b7 \
together with the Add-Ons "CardBook", "QuickFolders" (and \
possibly other Add-Ons), then Thunderbird will crash as soon as an \
Enigmail-specific window is opened. This version implements a workaround for the \
Mozilla bug.
Enigmail 2.0.6
Released 2018-05-27, works with Thunderbird 52.0 - 60.0 and SeaMonkey 2.46 - 2.55.
Notable Changes
This release addresses a vulnerability that would allow an attacker to make a \
victim respond to a partially encrypted message and thus reveal protected \
information.
Bugs fixed:
Check the full list of fixed defects.
Enigmail 2.0.5
Released 2018-05-21, works with Thunderbird 52.0 - 60.0 and SeaMonkey 2.46 - 2.55.
Notable Changes
This release implements a fix that prevents any form of the Efail vulnerability \
and similar attacks. We recommend to upgrade to this version as soon as \
possible.
Bugs fixed:
Check the full list of fixed defects.
Enigmail 2.0.4
Released 2018-05-16, works with Thunderbird 52.0 - 60.0 and SeaMonkey 2.46 - 2.55.
Notable Changes
This release implements two workarounds to prevent from Efail vulnerabilities. \
We recommend to upgrade to this version as soon as possible.
Bugs fixed:
Check the full list of fixed defects.
Enigmail 2.0.3
Released 2018-05-08, works with Thunderbird 52.0 - 60.0 and SeaMonkey 2.46 - 2.55.
Notable Changes
This release addresses several defects, including a crash when accessing \
encrypted forwarded messages.
Bugs fixed:
Check the full list of fixed defects.
Enigmail 2.0.2
Released 2018-04-12, works with Thunderbird 52.0 - 60.0 and SeaMonkey 2.46 - 2.55.
Notable Changes
This release addresses some regressions found in version 2.0/2.0.1.
Bugs fixed:
Check the full list of fixed defects.
Enigmail 2.0.1
Released 2018-04-02, works with Thunderbird 52.0 - 60.0 and SeaMonkey 2.46 - 2.55.
Notable Changes
This release addresses several defects found in version 2.0.
Bugs fixed:
S/MIME signing/encryption not working correctly, if Enigmail is not enabled \
for an account
Emails fail to decrypt if the sender address contains brackets
Autocrypt-headers may flip manually created per-recipient rules
The key manager does not load if no key on the keyring
Check the full list of fixed defects.
Enigmail 2.0
Released 2018-03-25, works with Thunderbird 52.0 - 60.0 and SeaMonkey 2.46 - 2.55.
Notable Changes
The Encryption and Signing buttons now work for both OpenPGP and S/MIME. \
Enigmail will chose between S/MIME or OpenPGP depending on whether the keys for \
all recipients are available for the respective standard.
Support for Pretty Easy Privacy (p≡p) is implemented in Enigmail. p≡p is \
active by default for new users.
Support for the Autocrypt standard, which is now enabled by default. If \
Enigmail is used in the "classical mode" (with p≡p disabled) then \
Autocrypt is enabled by default.
Support for Web Key Directory (WKD) is implemented. Enigmail will try to \
download unavailable keys during message composition from WKD. If you use GnuPG \
2.2.x, and your provider supports the Web Key Service protocol, you can also use \
Enigmail to upload your key to WKD.
The message subject can now be encrypted and replaced with a dummy subject, \
following the Memory Hole standard for protected Email Headers.
The keys on the keyring are automatically refreshed from keyservers at an \
irregular interval.
Enigmail was turned into a "restartless" addon. That is, once you \
installed Enigmail 2.0, subsequent updates will be installed without needing to \
restart Thunderbird.
Keys are internally addressed using the fingerprint instead of the key ID.
The minimum GnuPG version supported is now 2.0.16.
Cygwin-versions of GnuPG are no longer supported.
Bugs fixed
Many bugs were fixed. Check the list of fixed defects.
Files: