Greg Anders [Mon, 16 Mar 2020 18:27:42 +0000 (12:27 -0600)]
Make notmuch-mutt script more portable
The -D flag to install (used in the Makefile) is GNU-specific and does
not work on BSD distributions (i.e. macOS). Likewise with the xargs -r
flag. These changes use portable alternatives to these flags while
preserving the exact behavior.
Daniel Kahn Gillmor [Wed, 18 Mar 2020 17:11:53 +0000 (13:11 -0400)]
emacs: avoid warning about notmuch-show-get-message-id
Without this change, we see the following warning when compiling the
elisp:
```
EMACS emacs/notmuch-crypto.elc
In end of data:
emacs/notmuch-crypto.el:266:1:Warning: the function
‘notmuch-show-get-message-id’ is not known to be defined.
```
Thanks to Örjan Ekeberg and David Edmondson for their followup about
this.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Daniel Kahn Gillmor [Thu, 19 Mar 2020 05:41:45 +0000 (01:41 -0400)]
mime-node: Clean up unwrapped MIME parts correctly.
Avoid a memory leak in the notmuch command line.
gmime_multipart_encrypted_decrypt returns a GMimeObject marked by
GMime as "transfer full", so we are supposed to clean up after it.
When parsing a message, notmuch would leak one GMimeObject part per
multipart/encrypted MIME layer. We clean it up by analogy with
cleaning up the signature list associated with a MIME node.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Daniel Kahn Gillmor [Thu, 19 Mar 2020 05:41:44 +0000 (01:41 -0400)]
mime-node: rename decrypted_child to unwrapped_child
When walking the MIME tree, we might need to extract a new MIME
object. Thus far, we've only done it when decrypting
multipart/encrypted messages, but PKCS#7 (RFC 8551, S/MIME) has
several other transformations that warrant a comparable form of
unwrapping.
Make this member re-usable for PKCS#7 unwrappings as well as
multipart/encrypted decryptions.
This change is just a naming change, it has no effect on function.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Mark Walters [Thu, 27 Feb 2020 17:16:52 +0000 (17:16 +0000)]
notmuch-hello/jump: allow saved searches to specify unthreaded mode
Saved searches in notmuch-hello and notmuch-jump can specify whether
to use search mode or tree mode. This adds an option for them to
specify unthreaded mode.
Mark Walters [Thu, 27 Feb 2020 17:16:51 +0000 (17:16 +0000)]
Add a U binding to switch to unthreaded from other views
We have shortcuts S and Z to let the user switch to Search view and
Tree view with the current search. Add U to let the user switch to
unthreaded view from the current search, and ensure that S and Z
switch from unthreaded to search and tree veiew respectively.
Mark Walters [Thu, 27 Feb 2020 17:16:50 +0000 (17:16 +0000)]
Unthreaded mode: allow user to choose different `show out' than tree
Tree mode allows the user to choose whether to use the split screen
displaying just the current message or a full screen displaying the
entire thread. As unthreaded mode is quite different in use the user
may want a different customisation for this mode.
Mark Walters [Thu, 27 Feb 2020 17:16:49 +0000 (17:16 +0000)]
Unthreaded mode: allow different result format
It is likely that the user will want a different line format for
unthreaded mode from tree mode; in particular the thread structure
graphics are unnecessary in unthreaded mode.
Add a new customisable variable and set it to something sensible.
Mark Walters [Thu, 27 Feb 2020 17:16:48 +0000 (17:16 +0000)]
Introduce unthreaded mode
This commit introduces a new 'unthreaded' search mode where each
matching message is shown on a separate line. It shares almost all of
its code with tree view. Subsequent commits will allow it to diverge
slightly in appearance.
Mark Walters [Thu, 27 Feb 2020 17:16:47 +0000 (17:16 +0000)]
notmuch-show.c: add an option for messages to be returned unthreaded
This adds a --unthreaded option to notmuch show to tell it to return
the matching messages in an unthreaded order (so just by date).
To make it easier for users, in particular for notmuch-tree.el, we
output each message with the same "nesting" as if it were an entire
thread in its own right.
amended by db: s/status= /status = /
Daniel Kahn Gillmor [Wed, 18 Mar 2020 02:57:42 +0000 (22:57 -0400)]
Correct doxygen framing for libnotmuch.h
Apparently doxygen needs its comments formatted in a specific way to
notice that the group is closed.
Without this fix, with doxygen 1.8.16-2 we see:
```
doxygen ./doc/doxygen.cfg
…/notmuch/lib/notmuch.h:2322: warning: end of file while inside a group
```
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Daniel Kahn Gillmor [Wed, 18 Mar 2020 07:47:48 +0000 (03:47 -0400)]
mime-node: Pass the correct flags to g_mime_multipart_signed_verify
GMIME_ENCRYPT_NONE and GMIME_VERIFY_NONE have the same value, but they
are different enumerated types. So in C, this is a cosmetic change,
but it is technically correct if we only had stricter typing.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Daniel Kahn Gillmor [Wed, 18 Mar 2020 07:48:40 +0000 (03:48 -0400)]
tests/smime: fix typo in README
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseaman.net>
Daniel Kahn Gillmor [Wed, 18 Mar 2020 08:02:50 +0000 (04:02 -0400)]
configure: Check GMime version properly
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Daniel Kahn Gillmor [Tue, 18 Feb 2020 22:42:57 +0000 (17:42 -0500)]
Drop deprecated/unused crypto.gpg_path
crypto.gpg_path was only used when we built against gmime versions
before 3.0. Since we now depend on gmime 3.0.3 or later, it is
meaningless.
The removal of the field from the _notmuch_config struct would be an
ABI change if that struct were externally exposed, but it is not, so
it's safe to unilaterally remove it.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Peter Wang [Sat, 8 Feb 2020 01:49:22 +0000 (12:49 +1100)]
sprinter: change integer method to use int64_t
In particular, timestamps beyond 2038 could overflow the sprinter
interface on systems where time_t is 64-bit but 'int' is a signed 32-bit
integer type.
Peter Wang [Sat, 8 Feb 2020 01:49:21 +0000 (12:49 +1100)]
test: add known broken test with timestamp beyond 2038
Daniel Kahn Gillmor [Fri, 10 Jan 2020 18:58:07 +0000 (13:58 -0500)]
doc: clean up manpage description of "notmuch-config list" output
The escaping in the description of the output of "notmuch-config list"
appears to have been inherited from some previous attempts at
documentation. It leaked out in the actual generated manpage
documentation, where it looks like this:
list Every configuration item is printed to stdout, each on a
separate line of the form:
*section*.\ *item*\ =\ *value*
This simplification cleans up the overescaping.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Daniel Kahn Gillmor [Mon, 23 Dec 2019 20:14:38 +0000 (15:14 -0500)]
debian: add Build-Depends-Package for libnotmuch5.symbols
See lintian informational tag
symbols-file-missing-build-depends-package-field for hints about this
minor metadata update.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Steven Allen [Fri, 3 Jan 2020 17:04:00 +0000 (09:04 -0800)]
emacs: don't start processes stopped
It causes this function to fail with:
let: Wrong type argument: null, t
Support for this was removed from Emacs in April
2019 (
5c5e309527e6b582e2c04b83e7af45f3144863ac) because it never
worked correctly (apparently).
This also shouldn't be necessary as sentinels will not be called
unless emacs is idle or waiting for input. Therefore, the
`process-put' calls immediately following the `make-process' call
should always complete before the sentinel is first called.
Daniel Kahn Gillmor [Mon, 23 Dec 2019 17:39:27 +0000 (12:39 -0500)]
legacy-display: drop tests that try to match headers in a Legacy Display part
These tests were an attempt to establish that the content of the
"Legacy Display" part is the same as the actual protected headers of
the message. But this is more conservative than we need to be.
https://www.ietf.org/id/draft-autocrypt-lamps-protected-headers-02.html
section 5.3 makes clear that the Legacy Display part is purely
decorative, and section 5.2.1 clarifies that the detection can be done
purely by MIME structure and Content-Type alone.
Furthermore, now that we're accepting text/plain Legacy Display parts,
it's not clear the lines in the Legacy Display part should be
interpreted as needing an exact string match (e.g. "real" headers are
likely to be RFC 2047 encoded, but the text/plain Legacy Display part
probably should not be).
The concerns that motivated this test in the past were twofold: that
we might accidentally hide some information from the reader of the
message that they should have available to them, or that we could
introduce a covert channel that would be invisible to other clients.
I no longer think these are significant concerns:
a) There will be no accidental misidentification of a Legacy Display
part. The identification of the Legacy Display part is
unambiguous due to MIME structure and Content-Type. MIME
structure MUST be the first child part of a two-part
multipart/mixed Cryptographic Payload. And the
protected-headers=v1 content-type parameter must be present on
both the cryptographic payload and the legacy display part, so no
one would accidentally generate this structure and have it be
accidentally matched.
b) As for creating a covert channel, many such channels already
exist. For example, non-standard e-mail headers, custom MIME
types, unusual MIME structures, etc, all make it possible to ship
some content in a message that will be visible in some MUAs but
not in others. This doesn't make the situation demonstrably
worse.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Daniel Kahn Gillmor [Tue, 24 Dec 2019 22:05:44 +0000 (17:05 -0500)]
legacy-display: accept text/plain legacy display parts
https://www.ietf.org/id/draft-autocrypt-lamps-protected-headers-02.html
Makes it clear that the "Legacy Display" part of an encrypted message
with protected headers can (and indeed, should) be of content-type
text/plain, though some clients still generate the Legacy Display part
as content-type text/rfc822-headers. Notmuch should recognize the
part whichever of the two content-types it uses.
See also discussion in
https://github.com/autocrypt/protected-headers/issues/23 for why the
community of implementers is moving in the direction of text/plain.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Daniel Kahn Gillmor [Mon, 23 Dec 2019 21:35:40 +0000 (16:35 -0500)]
debian: Override lintian suggestion to move elpa-notmuch to Section: lisp
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Daniel Kahn Gillmor [Mon, 23 Dec 2019 21:06:48 +0000 (16:06 -0500)]
python/notmuch2: fix typo for "destroyed"
Another fix to the docstrings, this time for the English part of the
docstrings, not the Python class name. No functional changes here.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Daniel Kahn Gillmor [Mon, 23 Dec 2019 21:02:16 +0000 (16:02 -0500)]
python/notmuch2: fix typo for ObjectDestroyedError
There is no functional change here, just a fix to a typo in the
docstrings.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Daniel Kahn Gillmor [Mon, 9 Dec 2019 18:49:10 +0000 (13:49 -0500)]
debian: move packaging to dh 12
Daniel Kahn Gillmor [Mon, 9 Dec 2019 18:49:09 +0000 (13:49 -0500)]
debian elpa-notmuch: ship elisp and .png from "make install"
Rather than ship from the source directories, ship these files from
where they're installed by "make install".
This doesn't resolve all the dh_missing warnings yet (due to #946142),
but it leaves the last bit of that problem in the hands of the dh-elpa
package, and it's not due to notmuch's packaging any longer.
Note that notmuch-pkg.el is only relevant for elpa, so it was not
installed by "make install", and has to be extracted deliberately from
the source tree.
Note also that we now don't ship make-deps.el or rstdoc.el, as these
are build tools and don't belong in the deployed package.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Daniel Kahn Gillmor [Mon, 9 Dec 2019 18:49:08 +0000 (13:49 -0500)]
debian: ship info files in the standard location
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Daniel Kahn Gillmor [Mon, 9 Dec 2019 18:49:07 +0000 (13:49 -0500)]
debian: record upstream files which should not be installed by the package
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Daniel Kahn Gillmor [Wed, 4 Dec 2019 08:47:42 +0000 (03:47 -0500)]
debian: Remove python2 detritus
Since we removed python-notmuch, we do not need to retain this file
any longer.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Daniel Kahn Gillmor [Wed, 4 Dec 2019 08:47:41 +0000 (03:47 -0500)]
debian: ship notmuch-setup(1) as a copy of notmuch(1)
This was being shipped by "make install", but we weren't shipping it
in the debian package. Thanks to dh_missing for noticing!
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Daniel Kahn Gillmor [Wed, 4 Dec 2019 08:47:40 +0000 (03:47 -0500)]
debian: install notmuch(3) manpage in libnotmuch-dev
dh_missing noticed that we are building this manpage but not shipping
it in debian.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Daniel Kahn Gillmor [Wed, 4 Dec 2019 08:47:39 +0000 (03:47 -0500)]
debian: ship notmuch-emacs-mua.desktop from "make install" copy
This helps dh_missing know what's going on.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Daniel Kahn Gillmor [Wed, 4 Dec 2019 08:47:38 +0000 (03:47 -0500)]
debian: return an error if debian snapshot build fails
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Örjan Ekeberg [Thu, 12 Dec 2019 23:35:36 +0000 (00:35 +0100)]
test: extend test of attachment warnings
Check that attachment warnings are not raised when the word
"attach" only occurs in a forwarded message.
Örjan Ekeberg [Thu, 12 Dec 2019 23:35:35 +0000 (00:35 +0100)]
emacs: limit search for attachment to stop at first mime-part
This commit changes the behaviour of notmuch-mua-attachment-check
so that it stops searching for notmuch-mua-attachment-regexp when a
new mime-part is reached. This avoids false warnings when matching
words occur inside forwarded messages.
David Bremner [Mon, 18 Nov 2019 01:58:12 +0000 (21:58 -0400)]
test: add a known broken test for S/MIME decryption
This should serve to clarify this feature is not implimented in
notmuch yet.
David Edmondson [Thu, 12 Sep 2019 01:33:00 +0000 (21:33 -0400)]
emacs: Improve the reporting of key activity
Improve the information provided about key retrieval and key validity.
David Edmondson [Thu, 12 Sep 2019 01:32:59 +0000 (21:32 -0400)]
emacs: Add notmuch-crypto-gpg-program and use it
Allow the user to specify the gpg program to use when retrieving keys,
etc., defaulting to the value of `epg-gpg-program'.
David Edmondson [Thu, 12 Sep 2019 01:32:58 +0000 (21:32 -0400)]
emacs: Minor refactoring of crypto code
David Edmondson [Thu, 12 Sep 2019 01:32:57 +0000 (21:32 -0400)]
emacs: Asynchronous retrieval of GPG keys
Rather than blocking emacs while gpg does its' thing, by default run
key retrieval asynchronously, possibly updating the display of the
message on successful completion.
Tomi Ollila [Sun, 17 Nov 2019 21:24:41 +0000 (23:24 +0200)]
configure: fix reference to possibly undefined $PKG_CONFIG_PATH
In case zlib not found by pkg-config(1) the pkg-config information
is resolved by attempting to print ZLIB_VERSION from from zlib
installation if it exists anyway.
If above done successfully compat/zlib.pc is written for forthcoming
pkg-config execution.
Since `set -u` is in effect (since
124a67e96, 2016-05-06),
expanding unset $PKG_CONFIG_PATH (would have) failed whenever tried.
Now it is changed to set as "$PKG_CONFIG_PATH:compat" if PKG_CONFIG_PATH
is set and is non-empty string, plain "compat" otherwise.
Daniel Kahn Gillmor [Wed, 4 Dec 2019 07:07:49 +0000 (02:07 -0500)]
wrap-and-sort -ast
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Daniel Kahn Gillmor [Sun, 10 Nov 2019 17:37:48 +0000 (12:37 -0500)]
Add debian/upstream/metadata (for DEP-12)
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Daniel Kahn Gillmor [Sun, 10 Nov 2019 17:37:47 +0000 (12:37 -0500)]
debian/copyright: use secure git URL
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Daniel Kahn Gillmor [Sun, 10 Nov 2019 17:37:44 +0000 (12:37 -0500)]
Rules-Requires-Root: no (we do nothing as root during package build)
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Daniel Kahn Gillmor [Sun, 10 Nov 2019 17:37:43 +0000 (12:37 -0500)]
Standards-Version: bump to 4.4.1 (no changes needed)
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Oliver Kiddle [Thu, 14 Nov 2019 22:10:50 +0000 (23:10 +0100)]
configure: Install zsh completions where zsh will find them.
Zsh searches in the $fpath array for completion functions. By default
this includes $(prefix)/share/zsh/site-functions but not the existing
value. The prefix for zsh and notmuch isn't guaranteed to be the same
but it normally will be making this a better default for
zsh_completion_dir.
David Bremner [Tue, 26 Nov 2019 00:47:24 +0000 (20:47 -0400)]
python-cffi: use shutil.which
I was supposed to amend the original patch that added this function,
but somehow I botched that. The original version runs, so make an
extra commit for the tidying.
Floris Bruynooghe [Sun, 17 Nov 2019 19:24:46 +0000 (20:24 +0100)]
Move from _add_message to _index_file API
This moves away from the deprecated notmuch_database_add_message API
and instead uses the notmuch_database_index_file API. This means
instroducing a class to manage the index options and bumping the
library version requirement to 5.1.
Floris Bruynooghe [Sun, 17 Nov 2019 16:41:35 +0000 (17:41 +0100)]
Rename package to notmuch2
This is based on a previous discussion on the list where this was more
or less seen as the least-bad option.
Floris Bruynooghe [Sun, 17 Nov 2019 16:41:34 +0000 (17:41 +0100)]
Show which notmuch command and version is being used
This add the notmuch version and absolute path of the binary used
in the pytest header. This is nice when running the tests
interactively as you get confirmation you're testing the version you
thought you were testing.
David Bremner [Mon, 4 Nov 2019 10:39:50 +0000 (06:39 -0400)]
debian: add python3 dependencies for the new python bindings
These should generally match those in .travis.yml
David Bremner [Mon, 4 Nov 2019 02:09:45 +0000 (22:09 -0400)]
switch travis to bionic
This should solve the problem with pytest versions. Drop the notmuch
PPA, as (hopefully) we don't need those packages in bionic
David Bremner [Sun, 3 Nov 2019 18:19:26 +0000 (14:19 -0400)]
travis: add python3-{cffi,pytest,setuptools}, libpython3-all-dev
These are needed for building and testing the new python bindings.
David Bremner [Sun, 20 Oct 2019 02:10:24 +0000 (23:10 -0300)]
tests: run python-cffi tests
The entire python-cffi test suite is considered as a single test at
the level of the notmuch test suite. This might or might not be ideal,
but it gets them run.
David Bremner [Sun, 20 Oct 2019 01:52:56 +0000 (22:52 -0300)]
build: optionally build python-cffi bindings
Put the build product (and tests) in a well known location so that we
can find them e.g. from the tests.
David Bremner [Sun, 3 Nov 2019 14:54:10 +0000 (10:54 -0400)]
configure: check for python cffi and pytest modules
This is needed to build the new python bindings, and run their tests.
David Bremner [Sun, 3 Nov 2019 13:10:29 +0000 (09:10 -0400)]
bindings/python-cffi: preserve environment for tests
We'll need this e.g. to pass PATH to the pytest tests
Based on the suggested approach in id:87d0eljggj.fsf@powell.devork.be
Floris Bruynooghe [Tue, 8 Oct 2019 21:03:12 +0000 (23:03 +0200)]
Introduce CFFI-based python bindings
This introduces CFFI-based Python3-only bindings.
The bindings aim at:
- Better performance on pypy
- Easier to use Python-C interface
- More "pythonic"
- The API should not allow invalid operations
- Use native object protocol where possible
- Memory safety; whatever you do from python, it should not coredump.
William Casarin [Wed, 13 Nov 2019 22:57:52 +0000 (14:57 -0800)]
emacs: bind M-RET to notmuch-tree-from-search-thread
This is an unbound function that is quite useful. It opens a selected
thread in notmuch-tree from the current search query.
Signed-off-by: William Casarin <jb55@jb55.com>
David Edmondson [Mon, 2 Dec 2019 10:48:05 +0000 (10:48 +0000)]
emacs: A prefix argument kills rather than browsing URLs
In `notmuch-show', the "B" key (notmuch-show-browse-urls) will kill
the URL if called with a prefix argument rather than browsing
directly.
David Bremner [Wed, 27 Nov 2019 12:45:43 +0000 (08:45 -0400)]
Merge tag 'debian/0.29.3-1'
notmuch release 0.29.3-1 for unstable (sid) [dgit]
[dgit distro=debian no-split --quilt=linear]
David Bremner [Wed, 27 Nov 2019 12:20:31 +0000 (08:20 -0400)]
debian: changelog for 0.29.3
David Bremner [Wed, 27 Nov 2019 12:11:53 +0000 (08:11 -0400)]
mention python 2 changes
David Bremner [Wed, 27 Nov 2019 12:06:59 +0000 (08:06 -0400)]
version: bump to 0.29.3
David Bremner [Wed, 27 Nov 2019 12:06:15 +0000 (08:06 -0400)]
NEWS for 0.29.3
Ralph Seichter [Tue, 23 Jul 2019 20:48:23 +0000 (22:48 +0200)]
notmuch-dump.c: Fix output file being closed twice
Fixed: If the output file for a dump was non-writeable, gzclose_w()
was called twice on the output file handle, resulting in SIGABRT.
(cherry picked from commit
17806ecc955ce0375146ea1df51eae061a72bef8)
David Bremner [Mon, 25 Nov 2019 02:31:34 +0000 (22:31 -0400)]
lib: fix memory error in notmuch_config_list_value
The documentation for notmuch_config_list_key warns that that the
returned value will be destroyed by the next call to
notmuch_config_list_key, but it neglected to mention that calling
notmuch_config_list_value would also destroy it (by calling
notmuch_config_list_key). This is surprising, and caused a use after
free bug in _setup_user_query_fields (first noticed by an OpenBSD
porter, so kudos to the OpenBSD malloc implementation). This change
fixes that use-after-free bug.
Jakub Wilk [Wed, 20 Nov 2019 10:46:39 +0000 (11:46 +0100)]
python: make some docstrings raw
Fixes:
notmuch/message.py:57: DeprecationWarning: invalid escape sequence \s
notmuch/query.py:155: DeprecationWarning: invalid escape sequence \.
notmuch/messages.py:89: DeprecationWarning: invalid escape sequence \s
with Python >= 3.6.
David Bremner [Sun, 3 Nov 2019 12:09:13 +0000 (08:09 -0400)]
Merge tag 'debian/0.29.2-2'
notmuch release 0.29.2-2 for experimental (experimental) [dgit]
[dgit distro=debian no-split --quilt=linear]
David Bremner [Sat, 2 Nov 2019 20:33:20 +0000 (17:33 -0300)]
debian upload 0.29.2-2: goodbye python2 support
Convert to pybuild while we are at it.
David Bremner [Sun, 20 Oct 2019 01:25:24 +0000 (22:25 -0300)]
Merge tag '0.29.2'
notmuch 0.29.2 release
David Bremner [Sat, 19 Oct 2019 10:37:37 +0000 (07:37 -0300)]
update NEWS for 0.29.2
David Bremner [Sat, 19 Oct 2019 10:24:08 +0000 (07:24 -0300)]
Changelog stanza for 0.29.2-1
David Bremner [Sat, 19 Oct 2019 10:21:53 +0000 (07:21 -0300)]
bump version
Daniel Kahn Gillmor [Sun, 15 Sep 2019 18:02:03 +0000 (14:02 -0400)]
Drop devel/printmimestructure (it is in mailscripts 0.11)
mailscripts 0.11 now ships a derivative of devel/printmimestructure
called email-print-mime-structure. Maintenance for that utility will
happen in mailscripts from now on, so we should not track an
independent copy of it in notmuch's source tree.
See https://bugs.debian.org/939993 for more details about the
adoption.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
David Bremner [Sun, 13 Oct 2019 12:24:48 +0000 (09:24 -0300)]
Merge branch 'release'
David Bremner [Sun, 13 Oct 2019 12:18:24 +0000 (09:18 -0300)]
util: whitespace cleanup for
4c5b17b1
Oops. This should make the merge back to master smoother.
David Bremner [Sun, 22 Sep 2019 22:44:01 +0000 (19:44 -0300)]
util: unreference objects referenced by the returned stream obj
We want freeing the returned stream to also free these underlying
objects. Compare tests/test-filters.c in the gmime 3.2.x source, which
uses this same idiom.
Thanks to James Troup for the report and the fix.
David Bremner [Sun, 22 Sep 2019 22:44:00 +0000 (19:44 -0300)]
test: known broken test file descriptor leak in gzip file open
James Troup reported this bug in id:87pnjsf9q5.fsf@canonical.com
David Bremner [Tue, 24 Sep 2019 00:36:01 +0000 (21:36 -0300)]
Merge branch 'release'
David Bremner [Tue, 24 Sep 2019 00:34:07 +0000 (21:34 -0300)]
remove stray ` from NEWS
Daniel Kahn Gillmor [Tue, 28 May 2019 18:46:48 +0000 (14:46 -0400)]
cli/{show,reply}: use repaired form of "Mixed Up" mangled messages
When showing or replying to a message that has been mangled in transit
by an MTA in the "Mixed up" way, notmuch should instead use the
repaired form of the message.
Tracking the repaired GMimeObject for the lifetime of the mime_node so
that it is cleaned up properly is probably the trickiest part of this
patch, but the choices here are based on the idea that the
mime_node_context is the memory manager for the whole mime_node tree
in the first place, so new GMimeObject tree created on-the-fly during
message parsing should be disposed of in the same place.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Daniel Kahn Gillmor [Tue, 28 May 2019 18:42:26 +0000 (14:42 -0400)]
index: repair "Mixed Up" messages before indexing.
When encountering a message that has been mangled in the "mixed up"
way by an intermediate MTA, notmuch should instead repair it and index
the repaired form.
When it does this, it also associates the index.repaired=mixedup
property with the message. If a problem is found with this repair
process, or an improved repair process is proposed later, this should
make it easy for people to reindex the relevant message. The property
will also hopefully make it easier to diagnose this particular problem
in the future.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Daniel Kahn Gillmor [Tue, 28 May 2019 05:45:12 +0000 (01:45 -0400)]
util/repair: identify and repair "Mixed Up" mangled messages
Implement a functional identification and repair process for "Mixed
Up" MIME messages as described in
https://tools.ietf.org/html/draft-dkg-openpgp-pgpmime-message-mangling-00#section-4.1
The detection test is not entirely complete, in that it does not
verify the contents of the latter two message subparts, but this is
probably safe to skip, because those two parts are unlikely to be
readable anyway, and the only part we are effectively omitting (the
first subpart) is guaranteed to be empty anyway, so its removal can be
reversed if you want to do so. I've left FIXMEs in the code so that
anyone excited about adding these additional checks can see where to
put them in.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Daniel Kahn Gillmor [Tue, 28 May 2019 02:46:53 +0000 (22:46 -0400)]
test: add test for "Mixed-Up Mime" message mangling
Some MTAs mangle e-mail messages in transit in ways that are
repairable.
Microsoft Exchange (in particular, the version running today on
Office365's mailservers) appears to mangle multipart/encrypted
messages in a way that makes them undecryptable by the recipient.
I've documented this in section 4.1 "Mixed-up encryption" of draft -00
of
https://tools.ietf.org/html/draft-dkg-openpgp-pgpmime-message-mangling
Fortunately, it's possible to repair such a message, and notmuch can
do that so that a user who receives an encrypted message from a user
of office365.com can still decrypt the message.
Enigmail already knows about this particular kind of mangling. It
describes it as "broken PGP email format probably caused by an old
Exchange server", and it tries to repair by directly changing the
message held by the user. if this kind of repair goes wrong, the
repair process can cause data loss
(https://sourceforge.net/p/enigmail/bugs/987/, yikes).
The tests introduced here are currently broken. In subsequent
patches, i'll introduce a non-destructive form of repair for notmuch
so that notmuch users can read mail that has been mangled in this way,
and the tests will succeed.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Tomi Ollila [Sun, 1 Sep 2019 20:09:46 +0000 (23:09 +0300)]
configure: disallow whitespace in paths, extend checks to $PWD
Whitespace in $NOTMUCH_SRCDIR (and $PWD) may work in builds,
but definitely will not work in tests. It would be difficult
to make tests support whitespace in test filename paths -- and
fragile to maintain if done.
So it is just easier and safer to disallow whitespace there.
In case of out of tree build $NOTMUCH_SRCDIR differs from $PWD
(current directory). Extend this whitespace, and also previously
made unsafe characters check to $PWD too.
Daniel Kahn Gillmor [Thu, 29 Aug 2019 15:38:53 +0000 (11:38 -0400)]
index: avoid indexing legacy-display parts
When we notice a legacy-display part during indexing, it makes more
sense to avoid indexing it as part of the message body.
Given that the protected subject will already be indexed, there is no
need to index this part at all, so we skip over it.
If this happens during indexing, we set a property on the message:
index.repaired=skip-protected-headers-legacy-display
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Daniel Kahn Gillmor [Thu, 29 Aug 2019 15:38:52 +0000 (11:38 -0400)]
cli/{show,reply}: skip over legacy-display parts
Make use of the previous changes to fast-forward past any
legacy-display parts during "notmuch show" and "notmuch reply".
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Daniel Kahn Gillmor [Thu, 29 Aug 2019 15:38:51 +0000 (11:38 -0400)]
util/repair: add _notmuch_repair_crypto_payload_skip_legacy_display
This is a utility function designed to make it easier to
"fast-forward" past a legacy-display part associated with a
cryptographic envelope, and show the user the intended message body.
The bulk of the ugliness in here is in the test function
_notmuch_crypto_payload_has_legacy_display, which tests all of the
things we'd expect to be true in a a cryptographic payload that
contains a legacy display part.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Daniel Kahn Gillmor [Thu, 29 Aug 2019 15:38:50 +0000 (11:38 -0400)]
util/crypto: _n_m_crypto_potential_payload returns whether part is the payload
Our _notmuch_message_crypto_potential_payload implementation could
only return a failure if bad arguments were passed to it. It is an
internal function, so if that happens it's an entirely internal bug
for notmuch.
It will be more useful for this function to return whether or not the
part is in fact a cryptographic payload, so we dispense with the
status return.
If some future change suggests adding a status return back, there are
only a handful of call sites, and no pressure to retain a stable API,
so it could be changed easily. But for now, go with the simpler
function.
We will use this return value in future patches, to make different
decisions based on whether a part is the cryptographic payload or not.
But for now, we just leave the places where it gets invoked marked
with (void) to show that the result is ignored.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Daniel Kahn Gillmor [Thu, 29 Aug 2019 15:38:49 +0000 (11:38 -0400)]
util/crypto: _n_m_crypto_potential_payload: rename "payload" arg to "part"
_notmuch_message_crypto_potential_payload is called on a GMimeObject
while walking the MIME tree of a message to determine whether that
object is the payload. It doesn't make sense to name the argument
"payload" if it might not be the payload, so we rename it to "part"
for clarity.
This is a non-functional change, just semantic cleanup.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Daniel Kahn Gillmor [Thu, 29 Aug 2019 15:38:48 +0000 (11:38 -0400)]
test: avoid showing legacy-display parts
Enigmail generates a "legacy-display" part when it sends encrypted
mail with a protected Subject: header. This part is intended to
display the Subject for mail user agents that are capable of
decryption, but do not know how to deal with embedded protected
headers.
This part is the first child of a two-part multipart/mixed
cryptographic payload within a cryptographic envelope that includes
encryption (that is, it is not just a cleartext signed message). It
uses Content-Type: text/rfc822-headers.
That is:
A └┬╴multipart/encrypted
B ├─╴application/pgp-encrypted
C └┬╴application/octet-stream
* ╤ <decryption>
D └┬╴multipart/mixed; protected-headers=v1 (cryptographic payload)
E ├─╴text/rfc822-headers; protected-headers=v1 (legacy-display part)
F └─╴… (actual message body)
In discussions with jrollins, i've come to the conclusion that a
legacy-display part should be stripped entirely from "notmuch show"
and "notmuch reply" now that these tools can understand and interpret
protected headers.
You can tell when a message part is a protected header part this way:
* is the payload (D) multipart/mixed with exactly two children?
* is its first child (E) Content-Type: text/rfc822-headers?
* does the first child (E) have the property protected-headers=v1?
* do all the headers in the body of the first child (E) match
the protected headers in the payload part (D) itself?
If this is the case, and we already know how to deal with the
protected header, then there is no reason to try to render the
legacy-display part itself for the user.
Furthermore, when indexing, if we are indexing properly, we should
avoid indexing the text in E as part of the message body.
'notmuch reply' is an interesting case: the standard use of 'notmuch
reply' will end up omitting all mention of protected Subject:.
The right fix is for the replying MUA to be able to protect its
headers, and for it to set them appropriately based on headers found
in the original message.
If a replying MUA is unable to protect headers, but still wants the
user to be able to see the original header, a replying MUA that
notices that the original message's subject differs from the proposed
reply subject may choose to include the original's subject in the
quoted/attributed text. (this would be a stopgap measure; it's not
even clear that there is user demand for it)
This test suite change indicates what we want to happen for this case
(the tests are currently broken), and includes three additional TODO
suggestions of subtle cases for anyone who wants to flesh out the test
suite even further. (i believe all these cases should be already
fixed by the rest of this series, but haven't had time to write the
tests for the unusual cases)
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Daniel Kahn Gillmor [Thu, 29 Aug 2019 15:38:47 +0000 (11:38 -0400)]
repair: set up codebase for repair functionality
This adds no functionality directly, but is a useful starting point
for adding new repair functionality.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Daniel Kahn Gillmor [Thu, 29 Aug 2019 15:38:46 +0000 (11:38 -0400)]
mime-node: split out _mime_node_set_up_part
This is a code reorganization that should have no functional effect,
but will make future changes simpler, because a future commit will
reuse the _mime_node_set_up_part functionality without touching
_mime_node_create.
In the course of splitting out this function, I noticed a comment in
the codebase that referred to an older name of _mime_node_create
(message_part_create), where this functionality originally resided.
I've fixed that comment to refer to the new function instead.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Tomi Ollila [Mon, 26 Aug 2019 17:03:46 +0000 (20:03 +0300)]
configure: fix out of tree build; check unsafe characters in srcdir
While check for GMime session key extraction support... was made
out of tree build compatible, related (and some unrelated) unsafe
characters are now checked in notmuch source directory path.
The known unsafe characters in NOTMUCH_SRCDIR are:
- Single quote (') -- NOTMUCH_SRCDIR='${NOTMUCH_SRCDIR}'
is written to sh.config in configure line 1328.
- Double quote (") -- configure line 521 *now* writes "$srcdir"
into generated c source file ($NOTMUCH_SRCDIR includes $srcdir).
- Backslash (\) could also be problematic in configure line 521.
- The added $ and ` are potentially unsafe -- inside double quotes
in shell script those have special meaning.
Other characters don't expand inside double quoted strings.
Ralph Seichter [Tue, 23 Jul 2019 20:48:23 +0000 (22:48 +0200)]
notmuch-dump.c: Fix output file being closed twice
Fixed: If the output file for a dump was non-writeable, gzclose_w()
was called twice on the output file handle, resulting in SIGABRT.
David Bremner [Sun, 21 Jul 2019 19:15:19 +0000 (16:15 -0300)]
Merge branch 'release'
Debian upload 0.29.1-2
David Bremner [Sun, 21 Jul 2019 19:06:41 +0000 (16:06 -0300)]
Merge branch 'debian/unstable' into release