Hello community, here is the log from the commit of package enigmail for openSUSE:Factory checked in at 2018-05-17 18:04:39 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/enigmail (Old) and /work/SRC/openSUSE:Factory/.enigmail.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "enigmail" Thu May 17 18:04:39 2018 rev:24 rq:609853 version:2.0.4 Changes: -------- --- /work/SRC/openSUSE:Factory/enigmail/enigmail.changes 2018-05-11 09:15:36.160324595 +0200 +++ /work/SRC/openSUSE:Factory/.enigmail.new/enigmail.changes 2018-05-17 18:05:10.380419137 +0200 @@ -1,0 +2,10 @@ +Wed May 16 15:07:43 UTC 2018 - [email protected] + +- enigmail 2.0.4: + * CVE-2017-17688: CFB gadget attacks allowed to exfiltrate + plaintext out of encrypted emails. enigmail now fails on GnuPG + integrit check warnings for old Algorithms (EFAIL, bsc#1093151) + * CVE-2017-17689: CBC gadget attacks allows to exfiltrate + plaintext out of encrypted emails (EFAIL), bsc#1093152) + +------------------------------------------------------------------- Old: ---- enigmail-2.0.3.tar.gz enigmail-2.0.3.tar.gz.asc New: ---- enigmail-2.0.4.tar.gz enigmail-2.0.4.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ enigmail.spec ++++++ --- /var/tmp/diff_new_pack.JCmuBa/_old 2018-05-17 18:05:12.032358721 +0200 +++ /var/tmp/diff_new_pack.JCmuBa/_new 2018-05-17 18:05:12.036358576 +0200 @@ -18,7 +18,7 @@ Name: enigmail -Version: 2.0.3 +Version: 2.0.4 Release: 0 Summary: OpenPGP addon for Thunderbird and SeaMonkey License: MPL-2.0 ++++++ enigmail-2.0.3.tar.gz -> enigmail-2.0.4.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/enigmail/Makefile new/enigmail/Makefile --- old/enigmail/Makefile 2018-05-08 07:30:06.000000000 +0200 +++ new/enigmail/Makefile 2018-05-16 15:08:12.000000000 +0200 
@@ -3,7 +3,7 @@ # file, You can obtain one at http://mozilla.org/MPL/2.0/. XPI_MODULE = enigmail -XPI_MODULE_VERS = 2.0.3 +XPI_MODULE_VERS = 2.0.4 DEPTH = . diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/enigmail/configure new/enigmail/configure --- old/enigmail/configure 2018-05-08 07:30:06.000000000 +0200 +++ new/enigmail/configure 2018-05-16 15:08:12.000000000 +0200 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for enigmail 2.0.3. +# Generated by GNU Autoconf 2.69 for enigmail 2.0.4. # # Report bugs to <https://www.enigmail.net>. # @@ -579,8 +579,8 @@ # Identity of this package. PACKAGE_NAME='enigmail' PACKAGE_TARNAME='enigmail' -PACKAGE_VERSION='2.0.3' -PACKAGE_STRING='enigmail 2.0.3' +PACKAGE_VERSION='2.0.4' +PACKAGE_STRING='enigmail 2.0.4' PACKAGE_BUGREPORT='https://www.enigmail.net' PACKAGE_URL='' @@ -1195,7 +1195,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures enigmail 2.0.3 to adapt to many kinds of systems. +\`configure' configures enigmail 2.0.4 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1261,7 +1261,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of enigmail 2.0.3:";; + short | recursive ) echo "Configuration of enigmail 2.0.4:";; esac cat <<\_ACEOF @@ -1343,7 +1343,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -enigmail configure 2.0.3 +enigmail configure 2.0.4 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. 
@@ -1360,7 +1360,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by enigmail $as_me 2.0.3, which was +It was created by enigmail $as_me 2.0.4, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/enigmail/configure.ac new/enigmail/configure.ac --- old/enigmail/configure.ac 2018-05-08 07:30:06.000000000 +0200 +++ new/enigmail/configure.ac 2018-05-16 15:08:12.000000000 +0200 @@ -2,7 +2,7 @@ AC_PREREQ(2.61) min_automake_version="1.10" -AC_INIT([enigmail],[2.0.3], [https://www.enigmail.net]) +AC_INIT([enigmail],[2.0.4], [https://www.enigmail.net]) AC_PATH_PROG(PYTHON, "python2") diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/enigmail/package/core.jsm new/enigmail/package/core.jsm --- old/enigmail/package/core.jsm 2018-05-08 07:30:06.000000000 +0200 +++ new/enigmail/package/core.jsm 2018-05-16 15:08:12.000000000 +0200 
@@ -287,17 +287,20 @@
 gEnvList = [];
- if (!getEnigmailPrefs().getPref("gpgLocaleEn")) {
- passEnv = passEnv.concat([
- "LANG", "LANGUAGE", "LC_ALL", "LC_COLLATE", "LC_CTYPE",
- "LC_MESSAGES", "LC_MONETARY", "LC_NUMERIC", "LC_TIME"
- ]);
- }
- else if (getEnigmailOS().getOS() === "WINNT") {
- // force output on Windows to EN-US
- EnigmailCore.addToEnvList("LC_ALL=en_US");
- EnigmailCore.addToEnvList("LANG=en_US");
- }
+ // if (!getEnigmailPrefs().getPref("gpgLocaleEn")) {
+ // passEnv = passEnv.concat([
+ // "LANG", "LANGUAGE", "LC_ALL", "LC_COLLATE", "LC_CTYPE",
+ // "LC_MESSAGES", "LC_MONETARY", "LC_NUMERIC", "LC_TIME"
+ // ]);
+ // }
+ // else if (getEnigmailOS().getOS() === "WINNT") {
+ // // force output on Windows to EN-US
+ // EnigmailCore.addToEnvList("LC_ALL=en_US");
+ // EnigmailCore.addToEnvList("LANG=en_US");
+ // }
+
+ EnigmailCore.addToEnvList("LC_ALL=C");
+ EnigmailCore.addToEnvList("LANG=C");
 const passList = env.get("ENIGMAIL_PASS_ENV");
 if (passList) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/enigmail/package/errorHandling.jsm new/enigmail/package/errorHandling.jsm
--- old/enigmail/package/errorHandling.jsm 2018-05-08 07:30:06.000000000 +0200
+++ new/enigmail/package/errorHandling.jsm 2018-05-16 15:08:12.000000000 +0200
@@ -396,6 +396,12 @@
 }
 else {
 // non-status line (details of previous status command)
+ if (errLine == "gpg: WARNING: message was not integrity protected") {
+ // workaround for Gpg < 2.0.8 that don't fail on missing MDC for old
+ // algorithms like CAST5
+ c.statusFlags |= EnigmailConstants.DECRYPTION_FAILED;
+ c.inDecryptionFailed = true;
+ }
 c.errArray.push(errLine);
 // save details of DECRYPTION_FAILED message ass error message
 if (c.inDecryptionFailed) {
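Review bot: The eleven commented-out lines that replace the `gpgLocaleEn` branch in the `@@ -287,17 +287,20 @@` hunk leave dead code behind and give no reason why the locale is now pinned. Delete the block and state the reason in a comment above the two new calls, e.g. `// gpg's stderr is matched against English text in errorHandling.jsm, so the locale must stay fixed`. The `gpgLocaleEn` preference becomes a no-op here. The `ENIGMAIL_PASS_ENV` handling that follows is cut off by the hunk, so confirm that a user-supplied pass list cannot re-add `LC_ALL` or `LANG` after these `addToEnvList` calls.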
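Review bot: The missing-MDC check added at the top of the non-status branch (`@@ -396,6 +396,12 @@`) compares `errLine` with one exact English sentence using `==`, so a trailing `\r` or a reworded warning would silently skip the fail-closed path. At minimum compare a normalized line with strict equality, `if (errLine.trim() === "gpg: WARNING: message was not integrity protected") {`, and prefer a machine-readable status line if the supported GnuPG versions emit one for this condition. A one-line comment that the match depends on the `LC_ALL=C` setting in core.jsm would keep the two changes tied together. The enclosing function starts and ends outside the hunk.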
@@ -470,6 +476,9 @@
 if (c.isError) break;
 }
+ if ((c.statusFlags & EnigmailConstants.DECRYPTION_OKAY) && (c.statusFlags & EnigmailConstants.DECRYPTION_FAILED)) {
+ c.statusFlags &= ~EnigmailConstants.DECRYPTION_OKAY;
+ }
 detectForgedInsets(c);
 c.retStatusObj.blockSeparation = c.retStatusObj.blockSeparation.replace(/ $/, "");
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/enigmail/package/install.rdf new/enigmail/package/install.rdf
--- old/enigmail/package/install.rdf 2018-05-08 07:30:06.000000000 +0200
+++ new/enigmail/package/install.rdf 2018-05-16 15:08:12.000000000 +0200
@@ -5,7 +5,7 @@
 <Description about="urn:mozilla:install-manifest">
 <em:id>{847b3a00-7ab1-11d4-8f02-006008948af5}</em:id>
- <em:version>2.0.3</em:version>
+ <em:version>2.0.4</em:version>
 <em:type>2</em:type> <!-- type = extension -->
 <em:bootstrap>true</em:bootstrap>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/enigmail/package/mimeDecrypt.jsm new/enigmail/package/mimeDecrypt.jsm
--- old/enigmail/package/mimeDecrypt.jsm 2018-05-08 07:30:06.000000000 +0200
+++ new/enigmail/package/mimeDecrypt.jsm 2018-05-16 15:08:12.000000000 +0200
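Review bot: The block added after the status loop in `@@ -470,6 +476,9 @@` carries no comment stating that a failure flag must always win over `DECRYPTION_OKAY`, which is the invariant the missing-MDC workaround relies on. Add `// fail closed: any DECRYPTION_FAILED indication overrides DECRYPTION_OKAY` above the `if`. Only `statusFlags` is corrected here. Whether callers also consult gpg's exit code or other fields of `c.retStatusObj` before showing plaintext is not visible in the hunk and is worth checking. The enclosing function extends beyond the hunk on both sides.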
@@ -560,20 +560,20 @@
 }
 catch (ex) {}
- let i = this.decryptedData.search(/\n\r?\n/);
- if (i > 0) {
- var hdr = this.decryptedData.substr(0, i).split(/\r?\n/);
- for (let j = 0; j < hdr.length; j++) {
- if (hdr[j].search(/^\s*content-type:\s+text\/(plain|html)/i) >= 0) {
- LOCAL_DEBUG("mimeDecrypt.jsm: done: adding multipart/mixed around " + hdr[j] + "\n");
-
- let wrapper = EnigmailMime.createBoundary();
- this.decryptedData = 'Content-Type: multipart/mixed; boundary="' + wrapper + '"\r\n' +
- 'Content-Disposition: inline\r\n\r\n' +
- '--' + wrapper + '\r\n' +
- this.decryptedData + '\r\n' +
- '--' + wrapper + '--\r\n';
- break;
+ if (this.mimePartNumber !== "1") {
+ this.addWrapperToDecryptedResult();
+ }
+ else {
+ let i = this.decryptedData.search(/\n\r?\n/);
+ if (i > 0) {
+ var hdr = this.decryptedData.substr(0, i).split(/\r?\n/);
+ for (let j = 0; j < hdr.length; j++) {
+ if (hdr[j].search(/^\s*content-type:\s+text\/(plain|html)/i) >= 0) {
+ LOCAL_DEBUG("mimeDecrypt.jsm: done: adding multipart/mixed around " + hdr[j] + "\n");
+
+ this.addWrapperToDecryptedResult();
+ break;
+ }
 }
 }
 }
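Review bot: The `this.mimePartNumber !== "1"` test is made here and again inside `addWrapperToDecryptedResult`, so the decision to add the Efail layer is split across two places. The call in the `else` branch only behaves as a plain wrapper because the helper re-derives the same condition. Passing the decision explicitly would make that visible, e.g. `this.addWrapperToDecryptedResult(true);` for the nested-part path and `this.addWrapperToDecryptedResult(false);` in the `else` branch. Any value other than the string "1", including an unset part number, takes the wrapping path; that fails closed, and a comment saying it is intended would help. The enclosing method starts and ends outside the hunk.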
@@ -581,6 +581,27 @@
 this.exitCode = exitCode;
 },
+ addWrapperToDecryptedResult: function() {
+ let wrapper = EnigmailMime.createBoundary();
+
+ let head = 'Content-Type: multipart/mixed; boundary="' + wrapper + '"\r\n' +
+ 'Content-Disposition: inline\r\n\r\n' +
+ '--' + wrapper + '\r\n';
+
+ if (this.mimePartNumber !== "1") {
+ // Efail protection layer
+ head += 'Content-Type: text/html\r\n\r\n' +
+ '<!-- > <pre style="visibility:visible; display: block; font: fixed; font-size: 10px;"> --> ' +
+ '<!-- \'> <pre style="visibility:visible; display: block; font: fixed; font-size: 10px;"> --> ' +
+ '<!-- "> <pre style="visibility:visible; display: block; font: fixed; font-size: 10px;"> -->\r\n\r\n' +
+ '--' + wrapper + '\r\n';
+ }
+
+ this.decryptedData = head +
+ this.decryptedData + '\r\n' +
+ '--' + wrapper + '--\r\n';
+ },
+
 extractContentType: function(data) {
 let i = data.search(/\n\r?\n/);
 if (i <= 0) return null;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/enigmail/package/pEpDecrypt.jsm new/enigmail/package/pEpDecrypt.jsm
--- old/enigmail/package/pEpDecrypt.jsm 2018-05-08 07:30:06.000000000 +0200
+++ new/enigmail/package/pEpDecrypt.jsm 2018-05-16 15:08:12.000000000 +0200
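Review bot: The three `<!-- … <pre …> -->` strings under `// Efail protection layer` are unexplained, so a maintainer cannot tell why each quote variant is there or that dropping one weakens the mitigation. Add a doc comment on `addWrapperToDecryptedResult` saying that for nested parts it prepends a text/html part, apparently meant to terminate any HTML tag or attribute value (unquoted, single-quoted, double-quoted) left open by a preceding part before the decrypted text is rendered. The same method is added verbatim to pEpDecrypt.jsm in the `@@ -316,6 +317,27 @@` hunk; a shared helper next to `EnigmailMime.createBoundary()` would stop the two copies drifting apart. `font: fixed` looks like an invalid `font` shorthand that the renderer would ignore, so confirm nothing depends on it.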
@@ -275,17 +275,18 @@
 this.decryptedData = this.decryptedData.replace(/^Content-Disposition: inline; filename="msg.txt"/m, "Content-Disposition: inline");
 this.decryptedData = this.decryptedData.replace(/^Content-Disposition: inline; filename="msg.html"/m, "Content-Disposition: inline");
- let i = this.decryptedData.search(/\n\r?\n/);
- if (i > 0) {
- let hdr = this.decryptedData.substr(0, i);
- if (hdr.search(/^content-type:\s+text\/(plain|html)/im) >= 0) {
- EnigmailLog.DEBUG("pEpDecrypt.jsm: done: adding multipart/mixed around '" + hdr + "'\n");
-
- this.decryptedData = 'Content-Type: multipart/mixed; boundary="' + wrapper + '"\r\n' +
- 'Content-Disposition: inline\r\n\r\n' +
- '--' + wrapper + '\r\n' +
- this.decryptedData + '\r\n' +
- '--' + wrapper + '--\r\n';
+ if (this.mimePartNumber !== "1") {
+ this.addWrapperToDecryptedResult();
+ }
+ else {
+ let i = this.decryptedData.search(/\n\r?\n/);
+ if (i > 0) {
+ let hdr = this.decryptedData.substr(0, i);
+ if (hdr.search(/^content-type:\s+text\/(plain|html)/im) >= 0) {
+ EnigmailLog.DEBUG("pEpDecrypt.jsm: done: adding multipart/mixed around '" + hdr + "'\n");
+
+ this.addWrapperToDecryptedResult();
+ }
 }
 }
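Review bot: The removed lines read a `wrapper` variable declared outside this hunk, and the new code no longer uses it because `addWrapperToDecryptedResult` creates its own boundary. If nothing else in the function reads it, that earlier declaration is now dead and should be removed. It is also not visible here whether the pEp handler ever sets `this.mimePartNumber`. If it is unset, `this.mimePartNumber !== "1"` is always true, so every pEp message gets the wrapper and Efail layer; that fails closed but leaves the `else` branch unreachable. The function begins and ends outside the hunk.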
@@ -316,6 +317,27 @@
 this.returnData();
 },
+ addWrapperToDecryptedResult: function() {
+ let wrapper = EnigmailMime.createBoundary();
+
+ let head = 'Content-Type: multipart/mixed; boundary="' + wrapper + '"\r\n' +
+ 'Content-Disposition: inline\r\n\r\n' +
+ '--' + wrapper + '\r\n';
+
+ if (this.mimePartNumber !== "1") {
+ // Efail protection layer
+ head += 'Content-Type: text/html\r\n\r\n' +
+ '<!-- > <pre style="visibility:visible; display: block; font: fixed; font-size: 10px;"> --> ' +
+ '<!-- \'> <pre style="visibility:visible; display: block; font: fixed; font-size: 10px;"> --> ' +
+ '<!-- "> <pre style="visibility:visible; display: block; font: fixed; font-size: 10px;"> -->\r\n\r\n' +
+ '--' + wrapper + '\r\n';
+ }
+
+ this.decryptedData = head +
+ this.decryptedData + '\r\n' +
+ '--' + wrapper + '--\r\n';
+ },
+
 returnData: function() {
 if ("outputDecryptedData" in this.mimeSvc) {
 this.mimeSvc.outputDecryptedData(this.decryptedData, this.decryptedData.length);
