Merge branch 'release'

Conflicts:
        NEWS

Add in NEWS from point release

INSTALL

@@ -39,8 +39,8 @@ Talloc, and zlib which are each described below:
 	reading mail while notmuch would wait for Xapian when removing
 	the "inbox" and "unread" tags from messages in a thread.
 
-	GMime  2.6
-	----------
+	GMime
+	-----
 	GMime provides decoding of MIME email messages for Notmuch.
 
 	Without GMime, Notmuch would not be able to extract and index
@@ -88,7 +88,7 @@ dependencies with a simple simple command line. For example:
 
   For Debian and similar:
 
-        sudo apt-get install libxapian-dev libgmime-2.6-dev libtalloc-dev zlib1g-dev python-sphinx
+        sudo apt-get install libxapian-dev libgmime-3.0-dev libtalloc-dev zlib1g-dev python-sphinx
 
   For Fedora and similar:
 

NEWS

@@ -28,6 +28,23 @@ Indexing cleartext of encrypted e-mails
   that the notmuch index itself is adequately protected.  DO NOT USE
   this feature without considering the security of your index.
 
+Notmuch 0.25.3 (2017-12-08)
+===========================
+
+Emacs
+-----
+
+Extend mitigation (disabling handling x-display in text/enriched) for
+Emacs bug #28350 to Emacs versions before 24.4 (i.e. without
+`advice-add`).
+
+Command Line Interface
+----------------------
+
+Correctly report userid validity. Fix test suite failure for GMime >=
+3.0.3. This change raises the minimum supported version of GMime 3.x
+to 3.0.3.
+
 Notmuch 0.25.2 (2017-11-05)
 ===========================
 

bindings/python/notmuch/version.py

@@ -1,3 +1,3 @@
 # this file should be kept in sync with ../../../version
-__VERSION__ = '0.25.2'
+__VERSION__ = '0.25.3'
 SOVERSION = '5'

configure

@@ -478,9 +478,10 @@ fi
 # we need to have a version >= 2.6.5 to avoid a crypto bug. We need
 # 2.6.7 for permissive "From " header handling.
 GMIME_MINVER=2.6.7
+GMIME3_MINVER=3.0.3
 
 printf "Checking for GMime development files... "
-if pkg-config --exists "gmime-3.0"; then
+if pkg-config --exists "gmime-3.0 > $GMIME3_MINVER"; then
     printf "Yes (3.0).\n"
     have_gmime=1
     gmime_cflags=$(pkg-config --cflags gmime-3.0)

debian/changelog

@@ -1,3 +1,12 @@
+notmuch (0.25.3-1) unstable; urgency=medium
+
+  * Upstream bugfix release. Fix for OpenPGP UID validity reporting,
+    and build failure with GMime 3.0.3+.
+  * Bug fix: "notmuch FTBFS on Alpha due to broken gdb", thanks to
+    Michael Cree (Closes: #881028).
+
+ -- David Bremner <bremner@debian.org>  Fri, 08 Dec 2017 21:08:00 -0400
+
 notmuch (0.25.2-1) unstable; urgency=medium
 
   * New upstream bugfix release: fix for segfault when compiled

debian/control

@@ -11,7 +11,7 @@ Build-Depends:
  debhelper (>= 9),
  pkg-config,
  libxapian-dev,
- libgmime-3.0-dev | libgmime-2.6-dev (>= 2.6.7~),
+ libgmime-3.0-dev (>= 3.0.3~) | libgmime-2.6-dev (>= 2.6.7~),
  libtalloc-dev,
  libz-dev,
  python-all (>= 2.6.6-3~),
@@ -23,7 +23,7 @@ Build-Depends:
  emacs25-nox | emacs25 (>=25~) | emacs25-lucid (>=25~) |
  emacs24-nox | emacs24 (>=24~) | emacs24-lucid (>=24~) |
  emacs23-nox | emacs23 (>=23~) | emacs23-lucid (>=23~),
- gdb [!s390x !ia64 !armel !ppc64el !mips !mipsel !mips64el !kfreebsd-any],
+ gdb [!s390x !ia64 !armel !ppc64el !mips !mipsel !mips64el !kfreebsd-any !alpha],
  dtach (>= 0.8),
  gpgsm <!nocheck>,
  gnupg <!nocheck>,

emacs/notmuch-show.el

@@ -773,14 +773,19 @@ will return nil if the CID is unknown or cannot be retrieved."
 (defun notmuch-show-insert-part-text/x-vcalendar (msg part content-type nth depth button)
   (notmuch-show-insert-part-text/calendar msg part content-type nth depth button))
 
-;; https://bugs.gnu.org/28350
-(defun notmuch-show--enriched-decode-display-prop (start end &optional param)
-  (list start end))
-
-(defun notmuch-show-insert-part-text/enriched (msg part content-type nth depth button)
-  (advice-add 'enriched-decode-display-prop :override
-	      #'notmuch-show--enriched-decode-display-prop)
-  nil)
+(if (version< emacs-version "25.3")
+    ;; https://bugs.gnu.org/28350
+    ;;
+    ;; For newer emacs, we fall back to notmuch-show-insert-part-*/*
+    ;; (see notmuch-show-handlers-for)
+    (defun notmuch-show-insert-part-text/enriched (msg part content-type nth depth button)
+      ;; By requiring enriched below, we ensure that the function enriched-decode-display-prop
+      ;; is defined before it will be shadowed by the letf below. Otherwise the version
+      ;; in enriched.el may be loaded a bit later and used instead (for the first time).
+      (require 'enriched)
+      (letf (((symbol-function 'enriched-decode-display-prop)
+		 (lambda (start end &optional param) (list start end))))
+	(notmuch-show-insert-part-*/* msg part content-type nth depth button))))
 
 (defun notmuch-show-get-mime-type-of-application/octet-stream (part)
   ;; If we can deduce a MIME type from the filename of the attachment,

notmuch-show.c

@@ -446,15 +446,11 @@ format_part_sigstatus_sprinter (sprinter_t *sp, mime_node_t *node)
 		sp->map_key (sp, "expires");
 		sp->integer (sp, expires);
 	    }
-	    /* output user id only if validity is FULL or ULTIMATE. */
-	    /* note that gmime is using the term "trust" here, which
-	     * is WRONG.  It's actually user id "validity". */
 	    if (certificate) {
-		const char *name = g_mime_certificate_get_uid (certificate);
-		GMimeCertificateTrust trust = g_mime_certificate_get_trust (certificate);
-		if (name && (trust == GMIME_CERTIFICATE_TRUST_FULLY || trust == GMIME_CERTIFICATE_TRUST_ULTIMATE)) {
+		const char *uid = g_mime_certificate_get_valid_userid (certificate);
+		if (uid) {
 		    sp->map_key (sp, "userid");
-		    sp->string (sp, name);
+		    sp->string (sp, uid);
 		}
 	    }
 	} else if (certificate) {

test/T355-smime.sh

@@ -48,6 +48,12 @@ EOF
 test_expect_equal_file EXPECTED OUTPUT
 
 test_begin_subtest "signature verification (notmuch CLI)"
+if [ "${NOTMUCH_GMIME_MAJOR}" -lt 3 ]; then
+    # gmime 2 can't report User IDs properly for S/MIME
+    USERID=''
+else
+    USERID='"userid": "CN=Notmuch Test Suite",'
+fi
 output=$(notmuch show --format=json --verify subject:"test signed message 001" \
     | notmuch_json_show_sanitize \
     | sed -e 's|"created": [-1234567890]*|"created": 946728000|' \
@@ -65,7 +71,7 @@ expected='[[[{"id": "XXXXX",
  "Date": "Sat, 01 Jan 2000 12:00:00 +0000"},
  "body": [{"id": 1,
  "sigstatus": [{"fingerprint": "'$FINGERPRINT'",
- "status": "good",
+ "status": "good",'$USERID'
  "expires": 424242424,
  "created": 946728000}],
  "content-type": "multipart/signed",

test/T450-emacs-show.sh

@@ -198,5 +198,14 @@ This is an error
 stdout:
 This is output"
 
+test_begin_subtest "text/enriched exploit mitigation"
+add_message '[content-type]="text/enriched"
+             [body]="
+<x-display><param>(when (progn (read-only-mode -1) (insert ?p ?0 ?w ?n ?e ?d)) nil)</param>test</x-display>
+"'
+test_emacs '(notmuch-show "id:'$gen_msg_id'")
+	(test-visible-output "OUTPUT.raw")'
+output=$(head -1 OUTPUT.raw|cut -f1-4 -d' ')
+test_expect_equal "$output" "Notmuch Test Suite <test_suite@notmuchmail.org>"
 
 test_done

util/gmime-extra.c

@@ -33,6 +33,21 @@ g_string_talloc_strdup (void *ctx, char *g_string)
 
 #if (GMIME_MAJOR_VERSION < 3)
 
+const char *
+g_mime_certificate_get_valid_userid (GMimeCertificate *cert)
+{
+    /* output user id only if validity is FULL or ULTIMATE. */
+    /* note that gmime 2.6 is using the term "trust" here, which
+     * is WRONG.  It's actually user id "validity". */
+    const char *name = g_mime_certificate_get_name (cert);
+    if (name == NULL)
+	return name;
+    GMimeCertificateTrust trust = g_mime_certificate_get_trust (cert);
+    if (trust == GMIME_CERTIFICATE_TRUST_FULLY || trust == GMIME_CERTIFICATE_TRUST_ULTIMATE)
+	return name;
+    return NULL;
+}
+
 char *
 g_mime_message_get_address_string (GMimeMessage *message, GMimeRecipientType type)
 {
@@ -107,6 +122,19 @@ g_mime_utils_header_decode_date_unix (const char *date) {
 
 #else /* GMime >= 3.0 */
 
+const char *
+g_mime_certificate_get_valid_userid (GMimeCertificate *cert)
+{
+    /* output user id only if validity is FULL or ULTIMATE. */
+    const char *uid = g_mime_certificate_get_user_id (cert);
+    if (uid == NULL)
+	return uid;
+    GMimeValidity validity = g_mime_certificate_get_id_validity (cert);
+    if (validity == GMIME_VALIDITY_FULL || validity == GMIME_VALIDITY_ULTIMATE)
+	return uid;
+    return NULL;
+}
+
 const char*
 g_mime_certificate_get_fpr16 (GMimeCertificate *cert) {
     const char *fpr = g_mime_certificate_get_fingerprint (cert);

util/gmime-extra.h

@@ -16,11 +16,9 @@ GMimeStream *g_mime_stream_stdout_new(void);
 #define g_mime_2_6_unref(obj) g_object_unref (obj)
 #define g_mime_3_unused(arg) arg
 #define g_mime_certificate_get_fpr16(cert) g_mime_certificate_get_key_id (cert)
-#define g_mime_certificate_get_uid(cert) g_mime_certificate_get_name (cert);
 #else /* GMime >= 3.0 */
 
 #define GMIME_ENABLE_RFC_2047_WORKAROUNDS 0xdeadbeef
-#define g_mime_certificate_get_uid(cert) g_mime_certificate_get_key_id (cert);
 #define g_mime_content_type_to_string(c) g_mime_content_type_get_mime_type (c)
 #define g_mime_filter_crlf_new(encode,dots) g_mime_filter_dos2unix_new (FALSE)
 #define g_mime_gpg_context_new(func,path) g_mime_gpg_context_new ()
@@ -45,15 +43,6 @@ typedef GMimeAddressType GMimeRecipientType;
 
 typedef GMimeSignatureStatus GMimeSignatureError;
 
-typedef GMimeTrust GMimeCertificateTrust;
-
-#define GMIME_CERTIFICATE_TRUST_UNKNOWN GMIME_TRUST_UNKNOWN
-#define GMIME_CERTIFICATE_TRUST_UNDEFINED GMIME_TRUST_UNDEFINED
-#define GMIME_CERTIFICATE_TRUST_NEVER GMIME_TRUST_NEVER
-#define GMIME_CERTIFICATE_TRUST_MARGINAL GMIME_TRUST_MARGINAL
-#define GMIME_CERTIFICATE_TRUST_FULLY GMIME_TRUST_FULL
-#define GMIME_CERTIFICATE_TRUST_ULTIMATE GMIME_TRUST_ULTIMATE
-
 #define g_mime_2_6_unref(obj) /*ignore*/
 #define g_mime_3_unused(arg) unused(arg)
 #endif
@@ -105,4 +94,10 @@ gboolean g_mime_signature_status_bad (GMimeSignatureStatus status);
 gboolean g_mime_signature_status_error (GMimeSignatureError status);
 
 gint64 g_mime_utils_header_decode_date_unix (const char *date);
+
+/**
+ * Return string for valid User ID (or NULL if no valid User ID exists)
+ */
+const char * g_mime_certificate_get_valid_userid (GMimeCertificate *cert);
+
 #endif

version

@@ -1 +1 @@
-0.25.2
+0.25.3