reading mail while notmuch would wait for Xapian when removing
the "inbox" and "unread" tags from messages in a thread.
- GMime 2.6
- ----------
+ GMime
+ -----
GMime provides decoding of MIME email messages for Notmuch.
Without GMime, Notmuch would not be able to extract and index
For Debian and similar:
- sudo apt-get install libxapian-dev libgmime-2.6-dev libtalloc-dev zlib1g-dev python-sphinx
+ sudo apt-get install libxapian-dev libgmime-3.0-dev libtalloc-dev zlib1g-dev python-sphinx
For Fedora and similar:
that the notmuch index itself is adequately protected. DO NOT USE
this feature without considering the security of your index.
+Notmuch 0.25.3 (2017-12-08)
+===========================
+
+Emacs
+-----
+
+Extend mitigation (disabling handling x-display in text/enriched) for
+Emacs bug #28350 to Emacs versions before 24.4 (i.e. without
+`advice-add`).
+
+Command Line Interface
+----------------------
+
+Correctly report userid validity. Fix test suite failure for GMime >=
+3.0.3. This change raises the minimum supported version of GMime 3.x
+to 3.0.3.
+
Notmuch 0.25.2 (2017-11-05)
===========================
# this file should be kept in sync with ../../../version
-__VERSION__ = '0.25.2'
+__VERSION__ = '0.25.3'
SOVERSION = '5'
# we need to have a version >= 2.6.5 to avoid a crypto bug. We need
# 2.6.7 for permissive "From " header handling.
GMIME_MINVER=2.6.7
+GMIME3_MINVER=3.0.3
printf "Checking for GMime development files... "
-if pkg-config --exists "gmime-3.0"; then
+if pkg-config --exists "gmime-3.0 > $GMIME3_MINVER"; then
printf "Yes (3.0).\n"
have_gmime=1
gmime_cflags=$(pkg-config --cflags gmime-3.0)
+notmuch (0.25.3-1) unstable; urgency=medium
+
+ * Upstream bugfix release. Fix for OpenPGP UID validity reporting,
+ and build failure with GMime 3.0.3+.
+ * Bug fix: "notmuch FTBFS on Alpha due to broken gdb", thanks to
+ Michael Cree (Closes: #881028).
+
+ -- David Bremner <bremner@debian.org> Fri, 08 Dec 2017 21:08:00 -0400
+
notmuch (0.25.2-1) unstable; urgency=medium
* New upstream bugfix release: fix for segfault when compiled
debhelper (>= 9),
pkg-config,
libxapian-dev,
- libgmime-3.0-dev | libgmime-2.6-dev (>= 2.6.7~),
+ libgmime-3.0-dev (>= 3.0.3~) | libgmime-2.6-dev (>= 2.6.7~),
libtalloc-dev,
libz-dev,
python-all (>= 2.6.6-3~),
emacs25-nox | emacs25 (>=25~) | emacs25-lucid (>=25~) |
emacs24-nox | emacs24 (>=24~) | emacs24-lucid (>=24~) |
emacs23-nox | emacs23 (>=23~) | emacs23-lucid (>=23~),
- gdb [!s390x !ia64 !armel !ppc64el !mips !mipsel !mips64el !kfreebsd-any],
+ gdb [!s390x !ia64 !armel !ppc64el !mips !mipsel !mips64el !kfreebsd-any !alpha],
dtach (>= 0.8),
gpgsm <!nocheck>,
gnupg <!nocheck>,
(defun notmuch-show-insert-part-text/x-vcalendar (msg part content-type nth depth button)
(notmuch-show-insert-part-text/calendar msg part content-type nth depth button))
-;; https://bugs.gnu.org/28350
-(defun notmuch-show--enriched-decode-display-prop (start end &optional param)
- (list start end))
-
-(defun notmuch-show-insert-part-text/enriched (msg part content-type nth depth button)
- (advice-add 'enriched-decode-display-prop :override
- #'notmuch-show--enriched-decode-display-prop)
- nil)
+(if (version< emacs-version "25.3")
+ ;; https://bugs.gnu.org/28350
+ ;;
+ ;; For newer emacs, we fall back to notmuch-show-insert-part-*/*
+ ;; (see notmuch-show-handlers-for)
+ (defun notmuch-show-insert-part-text/enriched (msg part content-type nth depth button)
+ ;; By requiring enriched below, we ensure that the function enriched-decode-display-prop
+ ;; is defined before it will be shadowed by the letf below. Otherwise the version
+ ;; in enriched.el may be loaded a bit later and used instead (for the first time).
+ (require 'enriched)
+ (letf (((symbol-function 'enriched-decode-display-prop)
+ (lambda (start end &optional param) (list start end))))
+ (notmuch-show-insert-part-*/* msg part content-type nth depth button))))
(defun notmuch-show-get-mime-type-of-application/octet-stream (part)
;; If we can deduce a MIME type from the filename of the attachment,
sp->map_key (sp, "expires");
sp->integer (sp, expires);
}
- /* output user id only if validity is FULL or ULTIMATE. */
- /* note that gmime is using the term "trust" here, which
- * is WRONG. It's actually user id "validity". */
if (certificate) {
- const char *name = g_mime_certificate_get_uid (certificate);
- GMimeCertificateTrust trust = g_mime_certificate_get_trust (certificate);
- if (name && (trust == GMIME_CERTIFICATE_TRUST_FULLY || trust == GMIME_CERTIFICATE_TRUST_ULTIMATE)) {
+ const char *uid = g_mime_certificate_get_valid_userid (certificate);
+ if (uid) {
sp->map_key (sp, "userid");
- sp->string (sp, name);
+ sp->string (sp, uid);
}
}
} else if (certificate) {
test_expect_equal_file EXPECTED OUTPUT
test_begin_subtest "signature verification (notmuch CLI)"
+if [ "${NOTMUCH_GMIME_MAJOR}" -lt 3 ]; then
+ # gmime 2 can't report User IDs properly for S/MIME
+ USERID=''
+else
+ USERID='"userid": "CN=Notmuch Test Suite",'
+fi
output=$(notmuch show --format=json --verify subject:"test signed message 001" \
| notmuch_json_show_sanitize \
| sed -e 's|"created": [-1234567890]*|"created": 946728000|' \
"Date": "Sat, 01 Jan 2000 12:00:00 +0000"},
"body": [{"id": 1,
"sigstatus": [{"fingerprint": "'$FINGERPRINT'",
- "status": "good",
+ "status": "good",'$USERID'
"expires": 424242424,
"created": 946728000}],
"content-type": "multipart/signed",
stdout:
This is output"
+test_begin_subtest "text/enriched exploit mitigation"
+add_message '[content-type]="text/enriched"
+ [body]="
+<x-display><param>(when (progn (read-only-mode -1) (insert ?p ?0 ?w ?n ?e ?d)) nil)</param>test</x-display>
+"'
+test_emacs '(notmuch-show "id:'$gen_msg_id'")
+ (test-visible-output "OUTPUT.raw")'
+output=$(head -1 OUTPUT.raw|cut -f1-4 -d' ')
+test_expect_equal "$output" "Notmuch Test Suite <test_suite@notmuchmail.org>"
test_done
#if (GMIME_MAJOR_VERSION < 3)
+const char *
+g_mime_certificate_get_valid_userid (GMimeCertificate *cert)
+{
+ /* output user id only if validity is FULL or ULTIMATE. */
+ /* note that gmime 2.6 is using the term "trust" here, which
+ * is WRONG. It's actually user id "validity". */
+ const char *name = g_mime_certificate_get_name (cert);
+ if (name == NULL)
+ return name;
+ GMimeCertificateTrust trust = g_mime_certificate_get_trust (cert);
+ if (trust == GMIME_CERTIFICATE_TRUST_FULLY || trust == GMIME_CERTIFICATE_TRUST_ULTIMATE)
+ return name;
+ return NULL;
+}
+
char *
g_mime_message_get_address_string (GMimeMessage *message, GMimeRecipientType type)
{
#else /* GMime >= 3.0 */
+const char *
+g_mime_certificate_get_valid_userid (GMimeCertificate *cert)
+{
+ /* output user id only if validity is FULL or ULTIMATE. */
+ const char *uid = g_mime_certificate_get_user_id (cert);
+ if (uid == NULL)
+ return uid;
+ GMimeValidity validity = g_mime_certificate_get_id_validity (cert);
+ if (validity == GMIME_VALIDITY_FULL || validity == GMIME_VALIDITY_ULTIMATE)
+ return uid;
+ return NULL;
+}
+
const char*
g_mime_certificate_get_fpr16 (GMimeCertificate *cert) {
const char *fpr = g_mime_certificate_get_fingerprint (cert);
#define g_mime_2_6_unref(obj) g_object_unref (obj)
#define g_mime_3_unused(arg) arg
#define g_mime_certificate_get_fpr16(cert) g_mime_certificate_get_key_id (cert)
-#define g_mime_certificate_get_uid(cert) g_mime_certificate_get_name (cert);
#else /* GMime >= 3.0 */
#define GMIME_ENABLE_RFC_2047_WORKAROUNDS 0xdeadbeef
-#define g_mime_certificate_get_uid(cert) g_mime_certificate_get_key_id (cert);
#define g_mime_content_type_to_string(c) g_mime_content_type_get_mime_type (c)
#define g_mime_filter_crlf_new(encode,dots) g_mime_filter_dos2unix_new (FALSE)
#define g_mime_gpg_context_new(func,path) g_mime_gpg_context_new ()
typedef GMimeSignatureStatus GMimeSignatureError;
-typedef GMimeTrust GMimeCertificateTrust;
-
-#define GMIME_CERTIFICATE_TRUST_UNKNOWN GMIME_TRUST_UNKNOWN
-#define GMIME_CERTIFICATE_TRUST_UNDEFINED GMIME_TRUST_UNDEFINED
-#define GMIME_CERTIFICATE_TRUST_NEVER GMIME_TRUST_NEVER
-#define GMIME_CERTIFICATE_TRUST_MARGINAL GMIME_TRUST_MARGINAL
-#define GMIME_CERTIFICATE_TRUST_FULLY GMIME_TRUST_FULL
-#define GMIME_CERTIFICATE_TRUST_ULTIMATE GMIME_TRUST_ULTIMATE
-
#define g_mime_2_6_unref(obj) /*ignore*/
#define g_mime_3_unused(arg) unused(arg)
#endif
gboolean g_mime_signature_status_error (GMimeSignatureError status);
gint64 g_mime_utils_header_decode_date_unix (const char *date);
+
+/**
+ * Return string for valid User ID (or NULL if no valid User ID exists)
+ */
+const char * g_mime_certificate_get_valid_userid (GMimeCertificate *cert);
+
#endif