Merge branch 'release'

Conflicts:
        NEWS

Add in NEWS from point release
This commit is contained in:
David Bremner 2017-12-08 22:19:06 -04:00
commit 040c3236af
13 changed files with 101 additions and 35 deletions

View file

@ -39,8 +39,8 @@ Talloc, and zlib which are each described below:
reading mail while notmuch would wait for Xapian when removing
the "inbox" and "unread" tags from messages in a thread.
GMime 2.6
----------
GMime
-----
GMime provides decoding of MIME email messages for Notmuch.
Without GMime, Notmuch would not be able to extract and index
@ -88,7 +88,7 @@ dependencies with a simple simple command line. For example:
For Debian and similar:
sudo apt-get install libxapian-dev libgmime-2.6-dev libtalloc-dev zlib1g-dev python-sphinx
sudo apt-get install libxapian-dev libgmime-3.0-dev libtalloc-dev zlib1g-dev python-sphinx
For Fedora and similar:

17
NEWS
View file

@ -28,6 +28,23 @@ Indexing cleartext of encrypted e-mails
that the notmuch index itself is adequately protected. DO NOT USE
this feature without considering the security of your index.
Notmuch 0.25.3 (2017-12-08)
===========================
Emacs
-----
Extend mitigation (disabling handling x-display in text/enriched) for
Emacs bug #28350 to Emacs versions before 24.4 (i.e. without
`advice-add`).
Command Line Interface
----------------------
Correctly report userid validity. Fix test suite failure for GMime >=
3.0.3. This change raises the minimum supported version of GMime 3.x
to 3.0.3.
Notmuch 0.25.2 (2017-11-05)
===========================

View file

@ -1,3 +1,3 @@
# this file should be kept in sync with ../../../version
__VERSION__ = '0.25.2'
__VERSION__ = '0.25.3'
SOVERSION = '5'

3
configure vendored
View file

@ -478,9 +478,10 @@ fi
# we need to have a version >= 2.6.5 to avoid a crypto bug. We need
# 2.6.7 for permissive "From " header handling.
GMIME_MINVER=2.6.7
GMIME3_MINVER=3.0.3
printf "Checking for GMime development files... "
if pkg-config --exists "gmime-3.0"; then
if pkg-config --exists "gmime-3.0 > $GMIME3_MINVER"; then
printf "Yes (3.0).\n"
have_gmime=1
gmime_cflags=$(pkg-config --cflags gmime-3.0)

9
debian/changelog vendored
View file

@ -1,3 +1,12 @@
notmuch (0.25.3-1) unstable; urgency=medium
* Upstream bugfix release. Fix for OpenPGP UID validity reporting,
and build failure with GMime 3.0.3+.
* Bug fix: "notmuch FTBFS on Alpha due to broken gdb", thanks to
Michael Cree (Closes: #881028).
-- David Bremner <bremner@debian.org> Fri, 08 Dec 2017 21:08:00 -0400
notmuch (0.25.2-1) unstable; urgency=medium
* New upstream bugfix release: fix for segfault when compiled

4
debian/control vendored
View file

@ -11,7 +11,7 @@ Build-Depends:
debhelper (>= 9),
pkg-config,
libxapian-dev,
libgmime-3.0-dev | libgmime-2.6-dev (>= 2.6.7~),
libgmime-3.0-dev (>= 3.0.3~) | libgmime-2.6-dev (>= 2.6.7~),
libtalloc-dev,
libz-dev,
python-all (>= 2.6.6-3~),
@ -23,7 +23,7 @@ Build-Depends:
emacs25-nox | emacs25 (>=25~) | emacs25-lucid (>=25~) |
emacs24-nox | emacs24 (>=24~) | emacs24-lucid (>=24~) |
emacs23-nox | emacs23 (>=23~) | emacs23-lucid (>=23~),
gdb [!s390x !ia64 !armel !ppc64el !mips !mipsel !mips64el !kfreebsd-any],
gdb [!s390x !ia64 !armel !ppc64el !mips !mipsel !mips64el !kfreebsd-any !alpha],
dtach (>= 0.8),
gpgsm <!nocheck>,
gnupg <!nocheck>,

View file

@ -773,14 +773,19 @@ will return nil if the CID is unknown or cannot be retrieved."
(defun notmuch-show-insert-part-text/x-vcalendar (msg part content-type nth depth button)
(notmuch-show-insert-part-text/calendar msg part content-type nth depth button))
(if (version< emacs-version "25.3")
;; https://bugs.gnu.org/28350
(defun notmuch-show--enriched-decode-display-prop (start end &optional param)
(list start end))
;;
;; For newer emacs, we fall back to notmuch-show-insert-part-*/*
;; (see notmuch-show-handlers-for)
(defun notmuch-show-insert-part-text/enriched (msg part content-type nth depth button)
(advice-add 'enriched-decode-display-prop :override
#'notmuch-show--enriched-decode-display-prop)
nil)
;; By requiring enriched below, we ensure that the function enriched-decode-display-prop
;; is defined before it will be shadowed by the letf below. Otherwise the version
;; in enriched.el may be loaded a bit later and used instead (for the first time).
(require 'enriched)
(letf (((symbol-function 'enriched-decode-display-prop)
(lambda (start end &optional param) (list start end))))
(notmuch-show-insert-part-*/* msg part content-type nth depth button))))
(defun notmuch-show-get-mime-type-of-application/octet-stream (part)
;; If we can deduce a MIME type from the filename of the attachment,

View file

@ -446,15 +446,11 @@ format_part_sigstatus_sprinter (sprinter_t *sp, mime_node_t *node)
sp->map_key (sp, "expires");
sp->integer (sp, expires);
}
/* output user id only if validity is FULL or ULTIMATE. */
/* note that gmime is using the term "trust" here, which
* is WRONG. It's actually user id "validity". */
if (certificate) {
const char *name = g_mime_certificate_get_uid (certificate);
GMimeCertificateTrust trust = g_mime_certificate_get_trust (certificate);
if (name && (trust == GMIME_CERTIFICATE_TRUST_FULLY || trust == GMIME_CERTIFICATE_TRUST_ULTIMATE)) {
const char *uid = g_mime_certificate_get_valid_userid (certificate);
if (uid) {
sp->map_key (sp, "userid");
sp->string (sp, name);
sp->string (sp, uid);
}
}
} else if (certificate) {

View file

@ -48,6 +48,12 @@ EOF
test_expect_equal_file EXPECTED OUTPUT
test_begin_subtest "signature verification (notmuch CLI)"
if [ "${NOTMUCH_GMIME_MAJOR}" -lt 3 ]; then
# gmime 2 can't report User IDs properly for S/MIME
USERID=''
else
USERID='"userid": "CN=Notmuch Test Suite",'
fi
output=$(notmuch show --format=json --verify subject:"test signed message 001" \
| notmuch_json_show_sanitize \
| sed -e 's|"created": [-1234567890]*|"created": 946728000|' \
@ -65,7 +71,7 @@ expected='[[[{"id": "XXXXX",
"Date": "Sat, 01 Jan 2000 12:00:00 +0000"},
"body": [{"id": 1,
"sigstatus": [{"fingerprint": "'$FINGERPRINT'",
"status": "good",
"status": "good",'$USERID'
"expires": 424242424,
"created": 946728000}],
"content-type": "multipart/signed",

View file

@ -198,5 +198,14 @@ This is an error
stdout:
This is output"
test_begin_subtest "text/enriched exploit mitigation"
add_message '[content-type]="text/enriched"
[body]="
<x-display><param>(when (progn (read-only-mode -1) (insert ?p ?0 ?w ?n ?e ?d)) nil)</param>test</x-display>
"'
test_emacs '(notmuch-show "id:'$gen_msg_id'")
(test-visible-output "OUTPUT.raw")'
output=$(head -1 OUTPUT.raw|cut -f1-4 -d' ')
test_expect_equal "$output" "Notmuch Test Suite <test_suite@notmuchmail.org>"
test_done

View file

@ -33,6 +33,21 @@ g_string_talloc_strdup (void *ctx, char *g_string)
#if (GMIME_MAJOR_VERSION < 3)
const char *
g_mime_certificate_get_valid_userid (GMimeCertificate *cert)
{
/* output user id only if validity is FULL or ULTIMATE. */
/* note that gmime 2.6 is using the term "trust" here, which
* is WRONG. It's actually user id "validity". */
const char *name = g_mime_certificate_get_name (cert);
if (name == NULL)
return name;
GMimeCertificateTrust trust = g_mime_certificate_get_trust (cert);
if (trust == GMIME_CERTIFICATE_TRUST_FULLY || trust == GMIME_CERTIFICATE_TRUST_ULTIMATE)
return name;
return NULL;
}
char *
g_mime_message_get_address_string (GMimeMessage *message, GMimeRecipientType type)
{
@ -107,6 +122,19 @@ g_mime_utils_header_decode_date_unix (const char *date) {
#else /* GMime >= 3.0 */
const char *
g_mime_certificate_get_valid_userid (GMimeCertificate *cert)
{
/* output user id only if validity is FULL or ULTIMATE. */
const char *uid = g_mime_certificate_get_user_id (cert);
if (uid == NULL)
return uid;
GMimeValidity validity = g_mime_certificate_get_id_validity (cert);
if (validity == GMIME_VALIDITY_FULL || validity == GMIME_VALIDITY_ULTIMATE)
return uid;
return NULL;
}
const char*
g_mime_certificate_get_fpr16 (GMimeCertificate *cert) {
const char *fpr = g_mime_certificate_get_fingerprint (cert);

View file

@ -16,11 +16,9 @@ GMimeStream *g_mime_stream_stdout_new(void);
#define g_mime_2_6_unref(obj) g_object_unref (obj)
#define g_mime_3_unused(arg) arg
#define g_mime_certificate_get_fpr16(cert) g_mime_certificate_get_key_id (cert)
#define g_mime_certificate_get_uid(cert) g_mime_certificate_get_name (cert);
#else /* GMime >= 3.0 */
#define GMIME_ENABLE_RFC_2047_WORKAROUNDS 0xdeadbeef
#define g_mime_certificate_get_uid(cert) g_mime_certificate_get_key_id (cert);
#define g_mime_content_type_to_string(c) g_mime_content_type_get_mime_type (c)
#define g_mime_filter_crlf_new(encode,dots) g_mime_filter_dos2unix_new (FALSE)
#define g_mime_gpg_context_new(func,path) g_mime_gpg_context_new ()
@ -45,15 +43,6 @@ typedef GMimeAddressType GMimeRecipientType;
typedef GMimeSignatureStatus GMimeSignatureError;
typedef GMimeTrust GMimeCertificateTrust;
#define GMIME_CERTIFICATE_TRUST_UNKNOWN GMIME_TRUST_UNKNOWN
#define GMIME_CERTIFICATE_TRUST_UNDEFINED GMIME_TRUST_UNDEFINED
#define GMIME_CERTIFICATE_TRUST_NEVER GMIME_TRUST_NEVER
#define GMIME_CERTIFICATE_TRUST_MARGINAL GMIME_TRUST_MARGINAL
#define GMIME_CERTIFICATE_TRUST_FULLY GMIME_TRUST_FULL
#define GMIME_CERTIFICATE_TRUST_ULTIMATE GMIME_TRUST_ULTIMATE
#define g_mime_2_6_unref(obj) /*ignore*/
#define g_mime_3_unused(arg) unused(arg)
#endif
@ -105,4 +94,10 @@ gboolean g_mime_signature_status_bad (GMimeSignatureStatus status);
gboolean g_mime_signature_status_error (GMimeSignatureError status);
gint64 g_mime_utils_header_decode_date_unix (const char *date);
/**
* Return string for valid User ID (or NULL if no valid User ID exists)
*/
const char * g_mime_certificate_get_valid_userid (GMimeCertificate *cert);
#endif

View file

@ -1 +1 @@
0.25.2
0.25.3