Merge branch 'release'

Conflicts:
        NEWS

Add in NEWS from point release
This commit is contained in:
David Bremner 2017-12-08 22:19:06 -04:00
commit 040c3236af
13 changed files with 101 additions and 35 deletions

View file

@ -39,8 +39,8 @@ Talloc, and zlib which are each described below:
reading mail while notmuch would wait for Xapian when removing reading mail while notmuch would wait for Xapian when removing
the "inbox" and "unread" tags from messages in a thread. the "inbox" and "unread" tags from messages in a thread.
GMime 2.6 GMime
---------- -----
GMime provides decoding of MIME email messages for Notmuch. GMime provides decoding of MIME email messages for Notmuch.
Without GMime, Notmuch would not be able to extract and index Without GMime, Notmuch would not be able to extract and index
@ -88,7 +88,7 @@ dependencies with a simple simple command line. For example:
For Debian and similar: For Debian and similar:
sudo apt-get install libxapian-dev libgmime-2.6-dev libtalloc-dev zlib1g-dev python-sphinx sudo apt-get install libxapian-dev libgmime-3.0-dev libtalloc-dev zlib1g-dev python-sphinx
For Fedora and similar: For Fedora and similar:

17
NEWS
View file

@ -28,6 +28,23 @@ Indexing cleartext of encrypted e-mails
that the notmuch index itself is adequately protected. DO NOT USE that the notmuch index itself is adequately protected. DO NOT USE
this feature without considering the security of your index. this feature without considering the security of your index.
Notmuch 0.25.3 (2017-12-08)
===========================
Emacs
-----
Extend mitigation (disabling handling x-display in text/enriched) for
Emacs bug #28350 to Emacs versions before 24.4 (i.e. without
`advice-add`).
Command Line Interface
----------------------
Correctly report userid validity. Fix test suite failure for GMime >=
3.0.3. This change raises the minimum supported version of GMime 3.x
to 3.0.3.
Notmuch 0.25.2 (2017-11-05) Notmuch 0.25.2 (2017-11-05)
=========================== ===========================

View file

@ -1,3 +1,3 @@
# this file should be kept in sync with ../../../version # this file should be kept in sync with ../../../version
__VERSION__ = '0.25.2' __VERSION__ = '0.25.3'
SOVERSION = '5' SOVERSION = '5'

3
configure vendored
View file

@ -478,9 +478,10 @@ fi
# we need to have a version >= 2.6.5 to avoid a crypto bug. We need # we need to have a version >= 2.6.5 to avoid a crypto bug. We need
# 2.6.7 for permissive "From " header handling. # 2.6.7 for permissive "From " header handling.
GMIME_MINVER=2.6.7 GMIME_MINVER=2.6.7
GMIME3_MINVER=3.0.3
printf "Checking for GMime development files... " printf "Checking for GMime development files... "
if pkg-config --exists "gmime-3.0"; then if pkg-config --exists "gmime-3.0 > $GMIME3_MINVER"; then
printf "Yes (3.0).\n" printf "Yes (3.0).\n"
have_gmime=1 have_gmime=1
gmime_cflags=$(pkg-config --cflags gmime-3.0) gmime_cflags=$(pkg-config --cflags gmime-3.0)

9
debian/changelog vendored
View file

@ -1,3 +1,12 @@
notmuch (0.25.3-1) unstable; urgency=medium
* Upstream bugfix release. Fix for OpenPGP UID validity reporting,
and build failure with GMime 3.0.3+.
* Bug fix: "notmuch FTBFS on Alpha due to broken gdb", thanks to
Michael Cree (Closes: #881028).
-- David Bremner <bremner@debian.org> Fri, 08 Dec 2017 21:08:00 -0400
notmuch (0.25.2-1) unstable; urgency=medium notmuch (0.25.2-1) unstable; urgency=medium
* New upstream bugfix release: fix for segfault when compiled * New upstream bugfix release: fix for segfault when compiled

4
debian/control vendored
View file

@ -11,7 +11,7 @@ Build-Depends:
debhelper (>= 9), debhelper (>= 9),
pkg-config, pkg-config,
libxapian-dev, libxapian-dev,
libgmime-3.0-dev | libgmime-2.6-dev (>= 2.6.7~), libgmime-3.0-dev (>= 3.0.3~) | libgmime-2.6-dev (>= 2.6.7~),
libtalloc-dev, libtalloc-dev,
libz-dev, libz-dev,
python-all (>= 2.6.6-3~), python-all (>= 2.6.6-3~),
@ -23,7 +23,7 @@ Build-Depends:
emacs25-nox | emacs25 (>=25~) | emacs25-lucid (>=25~) | emacs25-nox | emacs25 (>=25~) | emacs25-lucid (>=25~) |
emacs24-nox | emacs24 (>=24~) | emacs24-lucid (>=24~) | emacs24-nox | emacs24 (>=24~) | emacs24-lucid (>=24~) |
emacs23-nox | emacs23 (>=23~) | emacs23-lucid (>=23~), emacs23-nox | emacs23 (>=23~) | emacs23-lucid (>=23~),
gdb [!s390x !ia64 !armel !ppc64el !mips !mipsel !mips64el !kfreebsd-any], gdb [!s390x !ia64 !armel !ppc64el !mips !mipsel !mips64el !kfreebsd-any !alpha],
dtach (>= 0.8), dtach (>= 0.8),
gpgsm <!nocheck>, gpgsm <!nocheck>,
gnupg <!nocheck>, gnupg <!nocheck>,

View file

@ -773,14 +773,19 @@ will return nil if the CID is unknown or cannot be retrieved."
(defun notmuch-show-insert-part-text/x-vcalendar (msg part content-type nth depth button) (defun notmuch-show-insert-part-text/x-vcalendar (msg part content-type nth depth button)
(notmuch-show-insert-part-text/calendar msg part content-type nth depth button)) (notmuch-show-insert-part-text/calendar msg part content-type nth depth button))
;; https://bugs.gnu.org/28350 (if (version< emacs-version "25.3")
(defun notmuch-show--enriched-decode-display-prop (start end &optional param) ;; https://bugs.gnu.org/28350
(list start end)) ;;
;; For newer emacs, we fall back to notmuch-show-insert-part-*/*
(defun notmuch-show-insert-part-text/enriched (msg part content-type nth depth button) ;; (see notmuch-show-handlers-for)
(advice-add 'enriched-decode-display-prop :override (defun notmuch-show-insert-part-text/enriched (msg part content-type nth depth button)
#'notmuch-show--enriched-decode-display-prop) ;; By requiring enriched below, we ensure that the function enriched-decode-display-prop
nil) ;; is defined before it will be shadowed by the letf below. Otherwise the version
;; in enriched.el may be loaded a bit later and used instead (for the first time).
(require 'enriched)
(letf (((symbol-function 'enriched-decode-display-prop)
(lambda (start end &optional param) (list start end))))
(notmuch-show-insert-part-*/* msg part content-type nth depth button))))
(defun notmuch-show-get-mime-type-of-application/octet-stream (part) (defun notmuch-show-get-mime-type-of-application/octet-stream (part)
;; If we can deduce a MIME type from the filename of the attachment, ;; If we can deduce a MIME type from the filename of the attachment,

View file

@ -446,15 +446,11 @@ format_part_sigstatus_sprinter (sprinter_t *sp, mime_node_t *node)
sp->map_key (sp, "expires"); sp->map_key (sp, "expires");
sp->integer (sp, expires); sp->integer (sp, expires);
} }
/* output user id only if validity is FULL or ULTIMATE. */
/* note that gmime is using the term "trust" here, which
* is WRONG. It's actually user id "validity". */
if (certificate) { if (certificate) {
const char *name = g_mime_certificate_get_uid (certificate); const char *uid = g_mime_certificate_get_valid_userid (certificate);
GMimeCertificateTrust trust = g_mime_certificate_get_trust (certificate); if (uid) {
if (name && (trust == GMIME_CERTIFICATE_TRUST_FULLY || trust == GMIME_CERTIFICATE_TRUST_ULTIMATE)) {
sp->map_key (sp, "userid"); sp->map_key (sp, "userid");
sp->string (sp, name); sp->string (sp, uid);
} }
} }
} else if (certificate) { } else if (certificate) {

View file

@ -48,6 +48,12 @@ EOF
test_expect_equal_file EXPECTED OUTPUT test_expect_equal_file EXPECTED OUTPUT
test_begin_subtest "signature verification (notmuch CLI)" test_begin_subtest "signature verification (notmuch CLI)"
if [ "${NOTMUCH_GMIME_MAJOR}" -lt 3 ]; then
# gmime 2 can't report User IDs properly for S/MIME
USERID=''
else
USERID='"userid": "CN=Notmuch Test Suite",'
fi
output=$(notmuch show --format=json --verify subject:"test signed message 001" \ output=$(notmuch show --format=json --verify subject:"test signed message 001" \
| notmuch_json_show_sanitize \ | notmuch_json_show_sanitize \
| sed -e 's|"created": [-1234567890]*|"created": 946728000|' \ | sed -e 's|"created": [-1234567890]*|"created": 946728000|' \
@ -65,7 +71,7 @@ expected='[[[{"id": "XXXXX",
"Date": "Sat, 01 Jan 2000 12:00:00 +0000"}, "Date": "Sat, 01 Jan 2000 12:00:00 +0000"},
"body": [{"id": 1, "body": [{"id": 1,
"sigstatus": [{"fingerprint": "'$FINGERPRINT'", "sigstatus": [{"fingerprint": "'$FINGERPRINT'",
"status": "good", "status": "good",'$USERID'
"expires": 424242424, "expires": 424242424,
"created": 946728000}], "created": 946728000}],
"content-type": "multipart/signed", "content-type": "multipart/signed",

View file

@ -198,5 +198,14 @@ This is an error
stdout: stdout:
This is output" This is output"
test_begin_subtest "text/enriched exploit mitigation"
add_message '[content-type]="text/enriched"
[body]="
<x-display><param>(when (progn (read-only-mode -1) (insert ?p ?0 ?w ?n ?e ?d)) nil)</param>test</x-display>
"'
test_emacs '(notmuch-show "id:'$gen_msg_id'")
(test-visible-output "OUTPUT.raw")'
output=$(head -1 OUTPUT.raw|cut -f1-4 -d' ')
test_expect_equal "$output" "Notmuch Test Suite <test_suite@notmuchmail.org>"
test_done test_done

View file

@ -33,6 +33,21 @@ g_string_talloc_strdup (void *ctx, char *g_string)
#if (GMIME_MAJOR_VERSION < 3) #if (GMIME_MAJOR_VERSION < 3)
const char *
g_mime_certificate_get_valid_userid (GMimeCertificate *cert)
{
/* output user id only if validity is FULL or ULTIMATE. */
/* note that gmime 2.6 is using the term "trust" here, which
* is WRONG. It's actually user id "validity". */
const char *name = g_mime_certificate_get_name (cert);
if (name == NULL)
return name;
GMimeCertificateTrust trust = g_mime_certificate_get_trust (cert);
if (trust == GMIME_CERTIFICATE_TRUST_FULLY || trust == GMIME_CERTIFICATE_TRUST_ULTIMATE)
return name;
return NULL;
}
char * char *
g_mime_message_get_address_string (GMimeMessage *message, GMimeRecipientType type) g_mime_message_get_address_string (GMimeMessage *message, GMimeRecipientType type)
{ {
@ -107,6 +122,19 @@ g_mime_utils_header_decode_date_unix (const char *date) {
#else /* GMime >= 3.0 */ #else /* GMime >= 3.0 */
const char *
g_mime_certificate_get_valid_userid (GMimeCertificate *cert)
{
/* output user id only if validity is FULL or ULTIMATE. */
const char *uid = g_mime_certificate_get_user_id (cert);
if (uid == NULL)
return uid;
GMimeValidity validity = g_mime_certificate_get_id_validity (cert);
if (validity == GMIME_VALIDITY_FULL || validity == GMIME_VALIDITY_ULTIMATE)
return uid;
return NULL;
}
const char* const char*
g_mime_certificate_get_fpr16 (GMimeCertificate *cert) { g_mime_certificate_get_fpr16 (GMimeCertificate *cert) {
const char *fpr = g_mime_certificate_get_fingerprint (cert); const char *fpr = g_mime_certificate_get_fingerprint (cert);

View file

@ -16,11 +16,9 @@ GMimeStream *g_mime_stream_stdout_new(void);
#define g_mime_2_6_unref(obj) g_object_unref (obj) #define g_mime_2_6_unref(obj) g_object_unref (obj)
#define g_mime_3_unused(arg) arg #define g_mime_3_unused(arg) arg
#define g_mime_certificate_get_fpr16(cert) g_mime_certificate_get_key_id (cert) #define g_mime_certificate_get_fpr16(cert) g_mime_certificate_get_key_id (cert)
#define g_mime_certificate_get_uid(cert) g_mime_certificate_get_name (cert);
#else /* GMime >= 3.0 */ #else /* GMime >= 3.0 */
#define GMIME_ENABLE_RFC_2047_WORKAROUNDS 0xdeadbeef #define GMIME_ENABLE_RFC_2047_WORKAROUNDS 0xdeadbeef
#define g_mime_certificate_get_uid(cert) g_mime_certificate_get_key_id (cert);
#define g_mime_content_type_to_string(c) g_mime_content_type_get_mime_type (c) #define g_mime_content_type_to_string(c) g_mime_content_type_get_mime_type (c)
#define g_mime_filter_crlf_new(encode,dots) g_mime_filter_dos2unix_new (FALSE) #define g_mime_filter_crlf_new(encode,dots) g_mime_filter_dos2unix_new (FALSE)
#define g_mime_gpg_context_new(func,path) g_mime_gpg_context_new () #define g_mime_gpg_context_new(func,path) g_mime_gpg_context_new ()
@ -45,15 +43,6 @@ typedef GMimeAddressType GMimeRecipientType;
typedef GMimeSignatureStatus GMimeSignatureError; typedef GMimeSignatureStatus GMimeSignatureError;
typedef GMimeTrust GMimeCertificateTrust;
#define GMIME_CERTIFICATE_TRUST_UNKNOWN GMIME_TRUST_UNKNOWN
#define GMIME_CERTIFICATE_TRUST_UNDEFINED GMIME_TRUST_UNDEFINED
#define GMIME_CERTIFICATE_TRUST_NEVER GMIME_TRUST_NEVER
#define GMIME_CERTIFICATE_TRUST_MARGINAL GMIME_TRUST_MARGINAL
#define GMIME_CERTIFICATE_TRUST_FULLY GMIME_TRUST_FULL
#define GMIME_CERTIFICATE_TRUST_ULTIMATE GMIME_TRUST_ULTIMATE
#define g_mime_2_6_unref(obj) /*ignore*/ #define g_mime_2_6_unref(obj) /*ignore*/
#define g_mime_3_unused(arg) unused(arg) #define g_mime_3_unused(arg) unused(arg)
#endif #endif
@ -105,4 +94,10 @@ gboolean g_mime_signature_status_bad (GMimeSignatureStatus status);
gboolean g_mime_signature_status_error (GMimeSignatureError status); gboolean g_mime_signature_status_error (GMimeSignatureError status);
gint64 g_mime_utils_header_decode_date_unix (const char *date); gint64 g_mime_utils_header_decode_date_unix (const char *date);
/**
* Return string for valid User ID (or NULL if no valid User ID exists)
*/
const char * g_mime_certificate_get_valid_userid (GMimeCertificate *cert);
#endif #endif

View file

@ -1 +1 @@
0.25.2 0.25.3