Breathe easy with Enigmail/p≡p under Windows:
On October 3, we reported a serious bug in the Enigmail/p≡p mode for Windows that was introduced with the 1.0.23 update on September 26. From the end of September at the earliest, at most 6,000 of the estimated 145,000 Windows users of Enigmail/p≡p were affected by this error. Since Friday, 10 pm CEST, after intensive testing, version 1.0.24 of the p≡p distribution is being delivered; it also protects affected users who did not follow our workaround.

Solution

The new version of Enigmail/p≡p was released on Friday, October 12, at 10 pm CEST. Users are urged to follow Enigmail's update prompt and update the p≡p distribution to version 1.0.24.

The update took longer than expected so that extensive tests could take place. Please note that users of 32-bit (x32/x86) Windows 7 systems need at least Service Pack 2 for Enigmail/p≡p to work under Windows. Otherwise Enigmail will fall back to classic mode.

In short: It is highly recommended to update the Windows system as well.

(As a workaround, on October 3 we had advised existing users, and new users who had been using Enigmail/p≡p for Windows since September 26, to switch to the classic Enigmail mode. After this update, that step is no longer necessary, neither for existing users nor for users who installed after October 3.)

Background

As stated in the blog article of October 3, the bug that caused messages to be sent unencrypted was a build error in the Windows version of Enigmail/p≡p, which goes back to human error: we forgot to build the libiconv library into the libetpan DLL. This induced undefined behavior, caused libetpan to return with a memory error, and resulted in messages not being encrypted. Enigmail then passed these messages to Thunderbird, which dispatched them unprotected via SMTP; this happened because of a lack of error handling towards p≡p (see Ticket 909 on the subject).
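To make the failure mode concrete, here is an added illustration of fail-open versus fail-closed handling of an encryption engine error. It is not Enigmail's or p≡p's code: the engine call, the status codes and the transport array are constructed stand-ins, and the only point is that the sender must check the engine's result before anything reaches the mail client.

```javascript
// Added illustration of fail-open versus fail-closed handling of an encryption
// engine error. This is not Enigmail's or p≡p's code; the engine call, status
// codes and the transport array are constructed stand-ins.
const PEP_OK = 0;
const PEP_ENGINE_ERROR = -1; // constructed status code, not a real p≡p value

// Stand-in for the native engine call. When the engine is broken (as with the
// libetpan DLL missing libiconv) it reports an error and yields no ciphertext.
function encryptWithEngine(plaintext, engineHealthy) {
  if (!engineHealthy) {
    return { status: PEP_ENGINE_ERROR, ciphertext: null };
  }
  // Constructed placeholder for real PGP-armored output.
  return {
    status: PEP_OK,
    ciphertext: "-----BEGIN PGP MESSAGE-----\n(ciphertext)\n-----END PGP MESSAGE-----",
  };
}

function isPgpArmored(text) {
  return typeof text === "string" &&
    text.startsWith("-----BEGIN PGP MESSAGE-----") &&
    text.trimEnd().endsWith("-----END PGP MESSAGE-----");
}

// Fail-open: the failure mode described above. The engine's status is never
// checked, so on error the original plaintext is handed to the mail client.
function sendFailOpen(plaintext, engineHealthy, transport) {
  const result = encryptWithEngine(plaintext, engineHealthy);
  const body = result.ciphertext || plaintext; // silent fallback to plaintext
  transport.push(body);
  return body;
}

// Fail-closed: refuse to hand anything to the mail client unless the engine
// reported success and the body really is PGP-armored ciphertext.
function sendFailClosed(plaintext, engineHealthy, transport) {
  const result = encryptWithEngine(plaintext, engineHealthy);
  if (result.status !== PEP_OK || !isPgpArmored(result.ciphertext)) {
    throw new Error("encryption failed; message not sent");
  }
  transport.push(result.ciphertext);
  return result.ciphertext;
}
```

With a broken engine, `sendFailOpen` pushes the plaintext to the transport, while `sendFailClosed` throws and leaves the transport empty.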

Extent of Damage

Update 1.0.24 fixes the faulty Enigmail/p≡p mode under Windows, which affected at most 6,000 (of about 145,000) users for a short period: according to figures from Patrick Brunschwig, main developer of the Enigmail project, that many downloads were recorded between September 26 and October 3. Only during this period could users have installed the faulty update, and only under Windows.

On October 3 we stopped delivering version 1.0.23 of the p≡p distribution and were thus able to limit the damage.

The additional 100,000 to 150,000 users under Linux or macOS were never affected by this bug. The products of p≡p security, namely p≡p for Android, iOS and Outlook, do not allow such an error, thanks to appropriate error handling.

Error Avoidance

Despite the limited resources of community projects, it is important to avoid such fatal errors in the future. We now test new updates extensively, for all platforms, as should have been the case from the beginning, and as p≡p security does systematically for all its products with a dedicated team. The aim is to establish semi-automated test procedures while still carrying out extensive manual tests of the important functions, and to improve error handling in Enigmail so that such cases are excluded.

We apologize to our users for this faux pas and promise to work hard, carefully and accurately. We will also shortly release details of the entire build process, so that interested users can see for themselves, at any time, how the p≡p distribution was built and how it works.