Topal — Changelog

Copyright © 2001–2022 Phillip J. Brooke

06/2001, 0.1

First alpha release.

06/2001, 0.2

Minor changes.

06/2001, 0.3

Major changes to how keys are identified and looked up.

06/2001, 0.4

Adding more customization features.

11/2001, 0.4.4

Cleaned up some error messages; added -nps mode.

11/2001, 0.4.5

Added ‘gpg-options’ config item with default ‘--no-options’. (Forgot to add this note as well....)

11/2001, 0.5.0

Dumped -verify and -decrypt modes in favour of the multiple-block ‘-display’ mode. Added -help. Added caching. Added more switches relating to caching. Better output formatting.

11/2001, 0.5.1

Improved menus. Tidied up some of the interface. Added -s, which does the same as -nps.

12/2001, 0.5.2

Tidied disclaimer. Added synonyms for -help (-h, -?, --help, --h) Cleaned up menus; keypresses aren't echoed any longer.

12/2001, 0.5.3

Altered packaging to include version in directory name. Changed names of some -clear options to be a bit more sensible. Changing config settings method (big change). Making -s the default operation. Some rearrangement of code, constants. Some configuration editing possible via Topal. Send has access to configuration menu.

12/2001, 0.5.4

Bug fix; one-off error in the sending menus.

12/2001, 0.5.5

Removed redundant examples directory. Changed over to HTML documentation. Tweaked the RELEASE stuff. Use space instead of enter when waiting to continue: this looks forward to offering a help option at every prompt. The receive/blocks stuff now uses an expanding array. The GPG return value is checked when receiving: if it's bad, then some bits of the output are omitted; the cache file is not written. The date bit of Topal output moved onto the previous line (echo -n blah blah).

12/2001, 0.5.6

Adding installation instructions. Using tee and PIPESTATUS to get stderr on screen during receiving while also saving that output and recording gpg's exit status. Changed RELEASE filename to release. Tidied up the Makefile. Invalid passphrase messages are grep'd out of the output. Added ‘fast continue’ options. Key lists in the configuration section now use expanding arrays. Changed key details selection message. Secret key selection now offers a menu of secret keys on the secret keyring. Initial recipient search excludes keys in XK list. Added key search/selection menu choice - much nicer to use than the add menu. More configuration stuff added (still more to do, although the config file can always be used). Partial documentation update.

2/2002, 0.5.7

Adding limited RFC2015/MIME decoding of multipart email.

2/2002, 0.5.8

Adding mime-construct to configuration in expectation of more RFC2015 features. Put test for the config file existing before actually attempting to read it (oops). Added -O2 -Wall and the TOPALDEBUG variable for compiling. Put up WWW page via own Freeserve site. Announcing via Freshmeat. Automating output WWW site generation (all the grunge in the Makefile).

3/2002, 0.6.0

Distribution uses a gzip'd binary now.... Added a pre-built binary that is statically linked against the GNAT stuff so that people don't need to acquire GNAT first (this, I believe, complies with the GNAT licence).
Added the scripts topal-fix-email and topal-fix-folder. This makes it a lot easier to work with other people's multipart/signed or /encrypted email. Procmail recipe added to this README.
Added display of application/pgp messages. Including the text of one of these in a reply might be difficult, but then, it was difficult without topal's mangling. At least they can be verified and read now.
-sendmime option added. Hack needed (in topal-pine-patch [now pine-4.44.patch]) to allow non-text/blah content-types in Pine. RFC2015 send and received done (including micalg detection when sending clearsigned messages: list used from RFC3156.). Ditto for application/pgp, but I'm not sure of some of the parameters, since I've only ever seen signed emails of this form.
Removed some of the waits for execution, since it seems reliable. Added error checking on return value of GPG in sends.

3/2002, 0.6.1

The Content-Type for MIME sending is displayed on the screen using ‘cat’ rather than ‘less’, which was getting to be annoying.
Two changes that are related to how I manage the source code: Slight tweak to makefile for keeping track of RCS files; and using rcs -n<symbolic-name> to tag the released files.

3/2002, 0.6.2

MIME clear-signed messages: trailing blank lines are now deleted before signing (this would cause BAD signature when verifying on some other MTAs). Added remarks to documentation about the patch to Pine and attachments.

4/2002, 0.6.3

RFC1847 multipart encapsulation added. (See section 6.1 of RFC3156.) Cleaned up related receiving/caching behaviour.
Another MIME clear-signed messages bugfix. This one sorts out line-end conventions correctly.
New patch for Pine: this stops a SEGFAULT when using RFC2015 stuff and other attachments at the same time.
Updated documentation; added man pages for the two scripts.

4/2002, 0.6.4

New patch for Pine. Adds a workaround for the problem where some versions of MS Exchange would silently lose inbound MIME clearsigned email. It turns out that a slight formatting change stops the problem.

5/2002, 6/2002; 0.6.5, 0.6.6, 0.6.7, 0.6.8

Adding more debugging, mostly to the menus code. Used for tracking down a nasty problem causing exceptions. Many thanks to Felix Madlener for pointing this out and testing the revised code.

7/2002, 0.6.9

Renamed the Pine patch for when new versions come out. (It's still the same patch as for Topal 0.6.4.) Added trap for non-existent file when using ‘-s’. Cache directory as well as .topal directory is also chmod'd to 700. Added README.txt to package file (even though it's generated from the .html) so that those who just want to ‘less’ it (instead of firing up a HTML reader) can do so.

8/2002, 0.7.0

Changed email address in man page. Lots more exception handling for extra info when something goes wrong. Moderate code reorganisation: mostly splitting blocks of code out for future work. Fixed ‘bug’ (feature?) where send fails if a public key is unusable (although this may risk sending plaintext through; we assume that if an output file was generated, then the GPG errors weren't fatal). Now we check instead if the output file exists. Checking all source files for any similar bugs in menus (cf. the 5/2002 entry). Modified MIME RFC2015 receiving function so that it isn't so reliant on shell calls of sed (which can fall over with nasty characters in an incoming emails boundary). Moreover, it can now cope with MIME parts that don't end with a newline. Tweaking MIME/verify cache handling: we shouldn't actually get an output file from GPG (since we're only verifying one part with the other); we put a vague warning if this happens, and trap when reading the cache. Added content-type to plaintext for MIME/encrypted. Documentation update.

8/2002, 0.7.1

Fixed minor bug with inverted return code (‘-s’ trap). Doc update.

9/2002, 0.7.2

Fixed minor bug in key list handling code (dealing with key selection).

9/2002; 0.7.3, 0.7.4 (BETA)

Disposed of the dependency on a shell by introducing Ada bindings for fork/exec/dup/pipe/glob, etc.. Several external binaries are no longer needed (cat, echo). Most return codes are now properly checked (although still need to do a better audit). Followed Eduardo Chappa's advice and changed Pine patch version letter. Miscellaneous cleanups and fixes. Many thanks to Peter Losher for giving me the incentive to sort out the external calls.

9/2002; 0.7.5 (BETA)

Tidying up structure of external calls, and how the various messages are built up and torn down. Changed the lynx switches at the suggestion of Felix Madlener (many thanks!). When receiving MIME encrypted attachments, the output is not included in the Topal output, but only in the metamail invocation.

10/2002; 0.7.6 (BETA)

Explicitly noted which versions are not intended for general use (beta versions). Rearranged command line parsing for more flexibility in future.

10/2002; 0.7.7 (BETA)

Re-implementing topal-fix-email and topal-fix-folder as part of the main topal binary. This removes the (script) dependency on munpack, but adds formail and diff to the main binary. Fixed some missing bits for particular binaries in configuration handling. Adding ‘important changes from last stable version’ documentation. Tweaked the body extraction procedure. Tweaked some output messages. Major changes to menus: they now use enumerated types rather than integers.... Tweaking cl_menu some more. Added ‘pass-thu’ option to send menu (so you can always use the Topal filter. This might also fix the minor problem with text/html occasionally being sent when it shouldn't be....) Fixed bug where MIME decrypt failure would still cause metamail to be invoked, but that's a waste of time.

10/2002; 0.7.8

Clearing out case statements with ‘when others’. Tidying up sending.adb. Fixed problem in MIME output where a leading blank line was added. Finally implemented ‘topal --fix-folders’ functionality added. No longer need the two old scripts (I hope)! Another documentation tidy-up. Added ‘inline-separate-output’ option: this effectively turns off the GnuPG/Topal wrappers in output. However, the side-effect is that the cache must be cleared when upgrading to this version.

11/2002; 0.7.9

Added some infrastructure for encrypting/signing attachments (but this is nowhere near working yet). Documentation and manpage update (again). Seems stable, will release.

2/2003; 0.7.10, 0.7.11

Tweaking distribution pages (mkdistrib). Including patches against Pine versions 4.50 and 4.53. (They're all more-or-less the same patch. It's pretty easy to apply them against 4.51 and 4.52 if you feel so inclined.) Further doc clean up (particular the stuff about important changes from previous stable versions). Implemented Felix M.'s suggestion for handling non-existant command-line options: things that aren't valid options, but are prefixed with a ‘-’ get a more helpful error message. --fix-email workaround also writes out the original input in the exception handler. Changed recommended procmail recipe so that Topal's exit code is checked.

2/2003; 0.7.12

Adding ‘workaround-error-log’ file to .topal. This accepts output from topal --fix-email when it fails to exit cleanly. Not quite clear if this bit works yet (was tracking down other problem). It appears that when running without a real terminal, the call to set_echo fails. Odd. Nasty workaround implemented.

2/2002; 0.7.13

Added missing includes to ada-echo-c.c. Perhaps related to issue in the previous entry.

4/2003; 0.7.13b

Bug fix release only - backported from (not-yet-released 0.8.0). Fixed bug when changing own signing key using the -config option - thanks to Stewart James for the bug report.

10/2003; 0.7.13.2

Bug fix release only - backported from (not-yet-released 0.8.0). Changed bug fix versioning scheme. Makefile now links properly against static GNAT runtime. Fixed problem which manifests as: ‘relocation error: /lib/libreadline.so.4: undefined symbol: BC’ (needed instruction to link against ncurses) - thanks to Marty Hoff for the bug report. Added patch against Pine version 4.58.

10/2003; 0.7.13.3

Now use -gnatwa and -gnato for all Ada compilation. It was omitted from the main binary build command before. Fixed all the resulting warnings.

1/2004; 0.7.13.4

Patched externals calls for errno to prevent (in some cases) warnings from ld.so, and in other cases, failures to build.

6/2004; 0.7.13.5

Added patch against Pine version 4.60. Updated some notices.

1/4/2005; 0.7.13.6

Calls to the GPG binary now have LANG set to C before exec so that we don't have to worry about different language output in GPG. Thanks for Joern Brederec for the bug report and suggestion of how to fix it.

2005-2007

Four internal development releases junked.

8/1/2008; release 55

--fix-email now replaces the original message with a multipart/misc wrapper, rather than expanding it into a multipart/alternative message.
Replaced some key selection code. Hopefully, this reduces the number of locale-dependent and GPG version-specific problems. Additionally, revoked, disabled and invalid keys are no longer offered; checks are made to ensure that the key is valid for encryption/signing when applicable.
New patch for Alpine 1.00. Includes configuration setting.
The ‘pass through unchanged’ send option no longer modifies the content-type to text/plain.
Should now build and run on Cygwin.
Licence is now GPL-3.
Attempt to prevent potential memory leak (if running for a long time) by making the implementation of expanding_array a controlled type.
Cleaned up Ada source to reduce warnings.
Other minor changes, e.g., better checks on keylists, documentation clean-up.
Changed release numbering.
HTML cleaned up and CSS added.

8/1/2008; release 56

--read-from option added to select different signing keys depending on the From line. Also added sake and sxk configurations.
Fixed bug in Keys.Remove.Key (didn't match if the full fingerprint wasn't given).
Command-line parser now accepts 1 or more hyphens for any option.
Improved keylist documentation.
Corrected release date for release 55... oops.

8/1/2008; release 57

Initial attempt at supporting attachments within Topal.
Changed MIME boundary detection code (the previous algorithm couldn't cope with multipart included in a signed email). Please tell me if this breaks your emails....
Bug fix to _INCLUDEALLHDRS_ - it needs to turn the CRLF back into LF or it might chop off some of your message....

22/6/2008; release 58

UI improvements (count keys in keylist, clearer indication of position in menus).
Added patch for Alpine 1.10. Renamed all patch files.
Default paths for binaries are no longer absolute.
Configuration files now allow comments, but they're not preserved by Topal.
Added more exception handling messages.
Sending and receiving both save off original input as tempfiles to help debugging.
Added --ask-charset command line option. This is really only for testing a new workaround for locale-related bad signatures. Please see locale problems in the notes and send feedback.
Started removing dependency on mime-construct; new source files mime.ad[sb].
Build date added to binary.

3/7/2008; release 59

Added sequence numbers to temporary files to reduce possible name conflicts.
The makefile's install target now installs to INSTALLPATH. This can be overridden, e.g., make install INSTALLPATH=/usr/local. The four more specific paths, INSTALLPATHBIN, INSTALLPATHMAN, INSTALLPATHDOC and INSTALLPATHPATCHES can also be overridden. Fixes request from Nils Schlupp re: ebuild.
The --ask-charset command-line option is now only used if a bad signature is returned; a second attempt is then made if a different character set is suggested by the user.

13/7/2008; release 60

Update installation instructions for make install.
We now use a modified version of Jeffrey S. Dutky's mime-tool instead of mime-construct for creating MIME messages. We include our modified version in the Topal tarball (since both are GPL, and our modifications are needed if creating MIME messages).
MIME viewing can now use metamail, use run-mailcap or save the attachment to the folder ~/.topal/viewmime (which you can then open in Alpine). run-mailcap and saving support are new.
Sending menu allows user to view and edit the email. A quicker method for changing/setting the signing (own) key is available.

14/7/2008; release 61

An initial, rather crude, but (for my purposes at least) effective remote mode for sending.
Some history is now saved.

17/7/2008; release 62

Added basic support for S/MIME verification of messages.
Quoted-printable encoder (in MIME-tool) improved (single dots and leading "From ") as per RFC2049.
Decode quoted-printable and base64 before calling run-mailcap.
Ignore errors in strip in Makefile (trips up Cygwin, which expects the executable to be foo.exe).
Update feature list for remote sending.
Internal changes to configuration storage.

31/8/2008; release 63

Update change list for release 62 (omitted some items...).
Give a sensible warning message instead of dying with an exception when (1) signing operations are called without own key set; (2) attempting to choose own key without any secret keys available.
Added some hints in the documentation.
Initial attempt at supporting remote decryption.
Handle SIGINT ourselves so that temporary files are cleaned up. Also clean up more often when exceptions occur.

24/10/2008; release 64

Update feature list for release 63's remote decryption support.
Add patch to Topal sources for Cygwin. (The recent interrupt code doesn't build.)
Bug fix: temporary files weren't being deleted, because Rm_Tempfiles_PID hadn't been changed to match Temp_File_Name.
Added patch for Alpine 2.00. Alpine's S/MIME needs to be turned off for Topal's S/MIME verification to work.
Bug fix in Externals.Simple.Guess_Content_Type.

1/5/2009; release 65

MIME sending now uses the current locale as the content-type header charset.
MIME receiving (verification) tries to use the character set given in its first attempt.
Signing calls to GPG use --textmode flag (shouldn't be needed if the dos2unix calls work, but experiments suggest some problems if we don't do this).
Fix remote server so that emails with multiple recipients are handled properly.
Added new patch to Alpine that might make it easier to read multipart signed/encrypted messages. This makes the procmail recipe redundant, but needs more testing.
Attempt to manage different character sets when verifying S/MIME.
MIME messages now include a prolog explaining that they're OpenPGP messages. Also added appropriate Content-Disposition headers to help client programs.
Update docs re: Alpine patches.
Code cleanup (e.g., vars that could be declared constant, and some unused procedure formals).

6/6/2009; release 66

Removed spurious spaces from Topal ‘-----’ text that were messing up format=flowed text. Note that this doesn't fix cache files that already have this problem.
Changed the default sending and receiving GPG options (use the -default option to see them). This does not override whatever is in your current .topal/config file.
Added a configuration option ‘omit-inline-disposition-name’: apparently some mail services mistreat inline MIME parts if they have a filename. If this option is set, then no filename parameter is added to inline content-disposition headers. The option can be changed via the configuration menu.

6/6/2009; release 67

Added another configuration option ‘omit-inline-disposition-header’. If a disposition header of value inline would be added, it's simply omitted altogether.

27/6/2009; release 68

Minor bug fix with configuration handling of omit-inline-disposition-header.
Added new configuration option save-on-send.
A range of major and minor changes to the sending interface.
Added the sd configuration option that allows keys or emails to be associated with particularly sending options.
When secret keys aren't available, still try to add a suitable key for self for encryption.
MIME viewer setting has been replaced by two: one for decrypt and one for verify.
Bad lines in the configuration file now result in a warning, not an exception.
Internal modifications to configuration handling.

21/7/2009; release 69

No longer calling an external app for line-end conversions.
Added a note re: Alpine's S/MIME message about certificates.
Show the list of recipients just before sending (from the to/cc/bcc lists; not lcc, as Alpine doesn't pass those to in the _RECIPIENTS_ token). The idea is to allow the user to spot the “oh no, I didn't intend to email that person” problem.

22/9/2009; release 70

Added use-agent configuration option. This has three values: (1) never use an agent, (2) only use it for decryption, (3) always use it. Don't put GPG's --[no-]use-agent options in any other configuration options or it might be confusing.
Adding attachments when using a non-MIME mode forces a change to a suitable mode (where possible).
Presentation changes for recipient list check.
Fixed a minor typo in a user message.

25/2/2010; release 71

Added more MICALGs from RFC4880.
Handle missing Content-Type headers in multipart messages.
Reorganise menus: hopefully, they're easier to read now. Add some colourisation (this can be disabled by setting ansi-terminal to off). Assorted tidying.
Warn if sending defaults to encryption, but some keys are missing.
Add -pd - pipe-display mode. Takes stdin and treats it as a MIME email for display/verification.
Release code is now taken from the README.html file rather than a separate release file.
Slight clean-up of this README.

25/2/2010; release 72

Fix menus for non-Pine sending. (‘Go’ wasn't working!)
Trap attempts to encrypt when no keys are in the key list.
Minor change to distrib text and Makefile.
Distrib target in Makefile now uses GPG agent.

29/4/2011; release 73

Fix crash when sending attachments with spaces in filenames.
Add new switch, wait-if-missing-keys, which requires the user to acknowledge if keys are missing when defaulting to encryption.
Slightly reorganise configuration menu to keep it within 24 lines.
Update documentation re: crashes related to the second patch and mailcap files.
Topal makes greater efforts to check that external commands exist before running them.
Exception messages are repeated via Ada's exception handling (if Topal panics).
Added decrypt-prereq option. See this note.
Experimental S/MIME sending support added.
More use of GnuPG's --status-fd option so that we can determine exit status properly.
Replaced ancient expanding_array package with Ada.Containers.Vectors.
Adding sendmail-path filter mode. This is needed for the S/MIME encrypted and S/MIME sign+encrypted modes. (Otherwise only Topal can read them; neither Outlook nor Thunderbird will cope with an S/MIME part inside multipart/mixed.) This mode also needs pinentry-qt for gpgsm: pinentry-curses doesn't like this environment.
In the sendmail-path filter mode, we no longer need the content-type guessing. We can simply re-use the content-type from the original header.
Added replace-ids option which can replace Message-ID (and also Content-ID) in sendmail-path filter mode.
The sendmail-path mode can also add a token to help spot our cc'd emails. Use something like st=user@domain,token to set a password. This is hashed with some headers for each email and added to an X-Topal-Send-Token header. Topal then has a -cst token mode which adds a X-Topal-Check-Send-Token header with either yes or no for that header.
Investigation suggests that group addresses are handled other than I expect. E.g., Group name:; in the to: field and the actual list of addresses in lcc field will result in the addresses appearing in the bcc field in sendmail-path filter mode.
Rewrite main documentation in LaTeX: the main manual is now topal.pdf. The change log is still in HTML.
Start adding interoperability notes to manual.
Diagnosing issue with clearsigned (both OpenPGP and S/MIME) emails that have passed through an MS Exchange server being corrupted.
Added opaque signing option for S/MIME.
Added attachment-trap boolean option. In -asend mode, this causes Topal to complain if the message body contains the string “attach” but doesn't have any attachments.

23/6/2011; release 74

Oops, wrong year in release 73 date….
Topal needs GNAT's -gnat05 switch.
Documentation update:

• Noted the need for GNU's sed (particularly important if you're using Mac OS X).
• Noted that gpg-agent needs HUPing if trustlist.txt is updated.

Added include-send-token switch, where 1 never includes them, 2 asks and 3 always includes them.
Warnings about configuration errors now go to stderr, rather than messing up other processing output.
Heuristic for attachment trap is improved. This now copes with the case where the email comprises a single multipart/mixed MIME part.
Some comparisons for content-types are case-insensitive now.

26/2/2012; release 75

Most changes this time are to cope with non-cryptographic meddling for my work environment.
Fix Clean_Email_Address to cope with mailboxes with double quotes and commas.
Added fix-fcc option that modifies a X-Topal-Fcc header. It is encrypted using the send-token for that sender to X-Topal-Fcce. The --check-send-token filter will also reverse this.
Added fix-bcc option that adds a X-Topal-Bcce header. It's handled similarly to X-Topal-Fcce, but records the Bcc contents. The --check-send-token filter will also reverse this. Fix token hashing so that it copes with different outputs from openssl sha1.

22/2/2015; release 76

Add -raw command, that can be used by piping a raw message (with free output) from Alpine. Also usable on an mbox from the command-line.
Multiple documentation updates, including deprecation of the two patches to Alpine, contact email address and copyright dates.

20/9/2015; release 77

Fix bad HTML formatting in this file.
Bug fix for clearsigning MIME files that don't have a MIME prologue.
Typo fixes from Nicolas Boulenguez to MIME-tool README, man page and mime.c. Thank you!

22/7/2018; release 78

Replace some ancient use of DES3 with AES128CBC.
Move from SHA1 to SHA256.
Packaging improvements (remove unnecessary binaries and change detached signature name).
Improvements to Makefile for downstream distributors.
Some of these changes are based on suggestions from Nicolas Boulenguez (particularly around the Makefile). Thank you again!

22/2/2019; release 79

Correct last changelog to show that we really did move from SHA1 to SHA256, not the other way!
Refactor key handling so that key selection works better. (If this breaks your setup, please let me know which GPG version you're using.) Improved de-duplication.
Change debug handling so that debug data goes to a file rather than messing up terminals.

22/2/2019; release 80

Fix broken build of mime-tool.

24/4/2022; release 81

Update documentation re: decryption and verification via the -raw option (thank you to E.E. for useful feedback).
Improvements for parallel Make.
Multiple changes to Makefiles, closely following suggestions from Nicolas Boulenguez (thank you).
Fix up deprecated use of OpenSSL "enc" for cryptograms, adding PBKDF2 and Iter.

See the documentation in topal.pdf for further details.