From 9a201ec35aa15f8a0d805b39f0b9fa16c22ba264 Mon Sep 17 00:00:00 2001
From: intrigeri <intrigeri@boum.org>
Date: Tue, 7 Aug 2018 14:52:36 +0000
Subject: [PATCH] Thunderbird: enable the optional part of the fixes for EFAIL
 (refs: #15602).

This requires Thunderbird 52.9.0 or 60.0beta; the topic branch this commit
is part of will bring use the latter.
---
 config/chroot_local-includes/etc/thunderbird/pref/thunderbird.js | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/config/chroot_local-includes/etc/thunderbird/pref/thunderbird.js b/config/chroot_local-includes/etc/thunderbird/pref/thunderbird.js
index a835d89da0e..bd3eb04987e 100644
--- a/config/chroot_local-includes/etc/thunderbird/pref/thunderbird.js
+++ b/config/chroot_local-includes/etc/thunderbird/pref/thunderbird.js
@@ -58,3 +58,9 @@ pref("mailnews.auto_config.dns_mx_lookup.enabled", false);
 // mature and widely spread (#15201).
 pref("extensions.enigmail.protectedHeaders", 0);
 pref("extensions.torbirdy.custom.extensions.enigmail.protectedHeaders", 0);
+
+// Don't decrypt subordinate message parts that otherwise might reveal
+// decrypted content to the attacker, i.e. the optional part of the fixes
+// for EFAIL.
+// Reference: https://www.thunderbird.net/en-US/thunderbird/52.9.1/releasenotes/
+pref("mailnews.p7m_subparts_external", true);
-- 
2.11.4.GIT