Commit graph

5022 commits

Author SHA1 Message Date
Tomi Ollila
930920d510 lib/message.cc: fix Coverity finding (use after free)
The object where pointer to `data` was received was deleted before
it was used in _notmuch_string_list_append().

Relevant Coverity messages follow:

3: extract
Assigning: data = std::__cxx11::string(message->doc.()).c_str(),
which extracts wrapped state from temporary of type std::__cxx11::string.

4: dtor_free
The internal representation of temporary of type std::__cxx11::string
is freed by its destructor.

5: use after free:
Wrapper object use after free (WRAPPER_ESCAPE)
Using internal representation of destroyed object local data.

(cherry picked from commit 06adc27668)
2017-03-19 09:36:51 -03:00
David Bremner
770d00a895 update version to 0.23.7 2017-02-28 20:49:24 -04:00
David Bremner
cab1c36d52 NEWS: add news for 0.23.7 2017-02-28 20:46:53 -04:00
David Bremner
1c9aa39822 add changelog stanza for 0.23.7-1 2017-02-28 20:39:59 -04:00
David Bremner
1044775fc0 test: move GNUPGHOME to TEST_TMPDIR
We already use this directory for dtach sockets, so it makes sense to
put gnupg sockets there as well. There doesn't seem to be a clean way
to put a fully functional socket in a different location than
GNUPGHOME.
2017-02-27 20:01:42 -04:00
David Bremner
a4ddc63b23 Revert "configure: add test for gpgconf --create-socketdir"
This reverts commit 12f7d4e61d.

Since we're not using gpgconf anymore, drop the unneeded test in
configure.
2017-02-27 18:27:49 -04:00
David Bremner
5a42bb96c1 Revert "test: use gpgconf --create-socketdir if available"
This reverts commit e7b88e8b0a.

It turns out that this does not work well in environments without a
running systemd (or some other provider of /run/user)
2017-02-27 18:26:47 -04:00
David Bremner
c028ec8860 debian: set upload date and suite 2017-02-27 06:58:07 -04:00
David Bremner
7e565a3db3 NEWS: set release date 2017-02-27 06:57:42 -04:00
David Bremner
b1a42b5916 debian: note read-after-free fix in d/changelog 2017-02-25 08:48:10 -04:00
David Bremner
4191ab22e0 NEWS: document read-after-free bugfix 2017-02-25 08:45:43 -04:00
David Bremner
48253190ad version: bump to 0.23.6
python and debian bumped at the same time
2017-02-23 09:03:41 -04:00
David Bremner
4e649d000b lib: fix g_hash_table related read-after-free bug
The two g_hash_table functions (insert, add) have different behaviour
with respect to existing keys. g_hash_table_insert frees the new key,
while g_hash_table_add (which is really g_hash_table_replace in
disguise) frees the existing key. With this change 'ref' is live until
the end of the function (assuming single-threaded access to
'hash'). We can't guarantee it will continue to be live in the
future (i.e. there may be a future key duplication) so we copy it with
the allocation context passed to parse_references (in practice this is
the notmuch_message_t object whose parents we are finding).

Thanks to Tomi for the simpler approach to the problem based on
reading the fine glib manual.
2017-02-22 06:28:03 -04:00
David Bremner
928016a4ea debian: start changelog for 0.23.6 2017-02-21 07:51:44 -04:00
David Bremner
5e22323c15 NEWS: news for gpgconf use in test suite 2017-02-21 07:50:05 -04:00
David Bremner
e7b88e8b0a test: use gpgconf --create-socketdir if available
This enables the shortened socket pathes in /run or equivalent. The
explicit call to gpgconf is needed for nonstandard GNUPGHOME settings.

(amended according to id:m2fujatr4k.fsf@guru.guru-group.fi)
2017-02-21 07:45:40 -04:00
David Bremner
12f7d4e61d configure: add test for gpgconf --create-socketdir
This is primarily intended for use in the test suite (since notmuch
builds fine without gnupg installed). Thus we only write the variable
to sh.config.
2017-02-21 07:43:15 -04:00
David Bremner
cff1e0673a NEWS,debian: set date for release 2017-01-09 06:25:01 -04:00
David Bremner
44520bb6ad docs: add 2017 to copyright years 2017-01-08 08:35:17 -04:00
David Bremner
186436a04c bump version to 0.23.5 2017-01-08 08:32:56 -04:00
David Bremner
6c2e22db07 debian: changelog for 0.23.5-1 2017-01-08 08:31:28 -04:00
David Bremner
b8e768290f NEWS for 0.23.5 2017-01-08 08:30:08 -04:00
Tomi Ollila
c893480654 configure: fix $prefix expansion for libdir_expanded
Since the sed expansion line which did $prefix expansion for
libdir_expanded was changed from the legacy `...` format to the
new $(...) expression, the subtle backslash expansion change went
unnoticed -- \\$ which used to escape '$' now escapes '\' and the
following '$prefix' was attempted to expand as a variable. So
changing \\$ to \$ fixes this.

Also, replaced echo with printf %s -- echo does expansions of its own.

While at it, the following 2 inconsistencies were fixed:
 1) the /g flag was removed from first expression; second didn't have it
 2) first expression did not end with /, so "dropped" it from second

 configure | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
2017-01-01 18:15:58 -04:00
David Bremner
4dde1e6774 version: update to 0.23.4 2016-12-24 17:52:11 +09:00
David Bremner
70ba2c30ca set date in NEWS and debian/changelog
pentultimate prepartions for release
2016-12-24 17:51:05 +09:00
David Bremner
264a0c5196 debian: remove setting of emacslispdir
With dh-elpa, this setting is no longer used
2016-12-23 08:34:30 +09:00
David Bremner
a2534c3765 debian: changelog stanza for 0.23.4-1 2016-12-18 20:50:34 +09:00
David Bremner
e81c71639e NEWS: announce autoload fix 2016-12-15 20:24:17 +09:00
David Bremner
001256ab29 emacs: restore autoload cookie for notmuch-search
The cookie only applies to next form, so in the previous location it
applied to the put, rather than the function.
2016-12-15 20:22:34 +09:00
David Bremner
f1160fbe2c NEWS: news for notmuch-insert error handling 2016-12-15 20:21:32 +09:00
David Bremner
3d312e2577 cli/insert: document the use of EX_TEMPFAIL 2016-12-15 20:21:02 +09:00
David Bremner
d74c534570 cli/insert: return EX_TEMPFAIL for some errors
Attempt to distinguish between errors indicating misconfiguration or
programmer error, which we consider "permanent", in the sense that
automatic retries are unlikely to be useful, and those indicating
transient error conditions. We consider XAPIAN_EXCEPTION transient
because it covers the important special case of locking failure.
2016-12-07 07:00:40 -04:00
David Bremner
9259b97fa2 cli/insert: delay database open until after writing mail file
The idea is to get the mail written to disk, even if we can't open the
database (e.g. because some other process has a write lock, and notmuch
is compiled for non-blocking opens).
2016-12-07 07:00:40 -04:00
Tomi Ollila
27e293f653 test: gdb insert: redirect input inside gdb script
Running `gdb command < input` is not as reliable way to give input
to the command (some installations of gdb consume it). Use "set args"
gdb command to have input redirected at gdb 'run' time.
2016-12-07 07:00:39 -04:00
David Bremner
636367b4cf debian: changelog stanza for 0.23.3-3 2016-12-05 08:26:28 -04:00
David Bremner
ced03a11ef debian: disable gdb using tests on kfreebsd-*
gdb seems broken there.
2016-12-05 08:22:57 -04:00
David Bremner
5bb549a361 debian: fix transition package for notmuch-emacs
The current version is more a transition to nowhere.
2016-12-01 08:21:03 -04:00
David Bremner
fd7f3d0829 NEWS: fix date and title 2016-11-26 21:54:10 -04:00
David Bremner
94511fe1c8 NEWS: note disappearing files fix for notmuch new 2016-11-26 08:41:47 -04:00
David Bremner
fb6fd87063 NEWS: set date 2016-11-26 08:39:32 -04:00
David Bremner
7ee0220775 debian: finalize? changelog for 0.23.3-1 2016-11-26 08:38:13 -04:00
David Bremner
0ca7900727 cli/new: document new exit code
It seems important to give the numeric return code for people writing
scripts. Hopefully deviations from this convention are rare.
2016-11-25 22:44:05 -04:00
Jani Nikula
f5185881f7 cli: consider files vanishing during notmuch new non-fatal
If some software other than notmuch new renames or removes files
during the notmuch new scan (specifically after scandir but before
indexing the file), keep going instead of bailing out. Failing to
index the file is just a race condition between notmuch and the other
software; the rename could happen after the notmuch new scan
anyway. It's not fatal, and we'll catch the renamed files on the next
scan.

Add a new exit code for when files vanished, so the caller has a
chance to detect the race and re-run notmuch new to recover.

Reported by Paul Wise <pabs@debian.org> at
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=843127
2016-11-25 21:09:32 -04:00
David Bremner
3891d6cb98 debian: start changelog stanza for 0.23.3-1 2016-11-24 20:30:58 -04:00
David Bremner
805ad03317 version: bump to 0.23.3 2016-11-24 20:29:18 -04:00
David Bremner
733063c18b NEWS: note gnupg related test-suite fix 2016-11-24 20:28:27 -04:00
David Bremner
78fa7ec27b debian: disable dh_elpa_test
Currently it seems to interfere with running the notmuch test suite.
In any case we have no ert / buttercup format tests to run.
2016-11-24 20:25:35 -04:00
Daniel Kahn Gillmor
d31161c212 tests: account for varying-size cryptographic signatures
GnuPG 2.1.16 is now injecting the full issuer fingerprint in its
signatures, which makes them about 32 octets larger when
ascii-armored.

This change in size means that the size of the MIME parts will vary
depending on the version of gpg that the user has installed.  at any
rate, the signature part should be non-zero (this is true for
basically any MIME part), so we just test for that instead of an exact
size.
2016-11-24 20:22:12 -04:00
David Bremner
c9ec90ae7f NEWS: set date for release 2016-11-20 08:23:33 -04:00
Mark Walters
6d3713c981 NEWS for notmuch-cycle-notmuch-buffers 2016-11-20 08:19:15 -04:00