notmuch
15 hours agoconfigure: fix reference to possibly undefined $PKG_CONFIG_PATH master
Tomi Ollila [Sun, 17 Nov 2019 21:24:41 +0000 (23:24 +0200)]
configure: fix reference to possibly undefined $PKG_CONFIG_PATH

In case zlib not found by pkg-config(1) the pkg-config information
is resolved by attempting to print ZLIB_VERSION from from zlib
installation if it exists anyway.

If above done successfully compat/zlib.pc is written for forthcoming
pkg-config execution.

Since `set -u` is in effect (since 124a67e96, 2016-05-06),
expanding unset $PKG_CONFIG_PATH (would have) failed whenever tried.

Now it is changed to set as "$PKG_CONFIG_PATH:compat" if PKG_CONFIG_PATH
is set and is non-empty string, plain "compat" otherwise.

5 days agowrap-and-sort -ast
Daniel Kahn Gillmor [Wed, 4 Dec 2019 07:07:49 +0000 (02:07 -0500)]
wrap-and-sort -ast

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
6 days agoAdd debian/upstream/metadata (for DEP-12)
Daniel Kahn Gillmor [Sun, 10 Nov 2019 17:37:48 +0000 (12:37 -0500)]
Add debian/upstream/metadata (for DEP-12)

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
6 days agodebian/copyright: use secure git URL
Daniel Kahn Gillmor [Sun, 10 Nov 2019 17:37:47 +0000 (12:37 -0500)]
debian/copyright: use secure git URL

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
6 days agoRules-Requires-Root: no (we do nothing as root during package build)
Daniel Kahn Gillmor [Sun, 10 Nov 2019 17:37:44 +0000 (12:37 -0500)]
Rules-Requires-Root: no (we do nothing as root during package build)

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
6 days agoStandards-Version: bump to 4.4.1 (no changes needed)
Daniel Kahn Gillmor [Sun, 10 Nov 2019 17:37:43 +0000 (12:37 -0500)]
Standards-Version: bump to 4.4.1 (no changes needed)

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
6 days agoconfigure: Install zsh completions where zsh will find them.
Oliver Kiddle [Thu, 14 Nov 2019 22:10:50 +0000 (23:10 +0100)]
configure: Install zsh completions where zsh will find them.

Zsh searches in the $fpath array for completion functions. By default
this includes $(prefix)/share/zsh/site-functions but not the existing
value. The prefix for zsh and notmuch isn't guaranteed to be the same
but it normally will be making this a better default for
zsh_completion_dir.

6 days agopython-cffi: use shutil.which
David Bremner [Tue, 26 Nov 2019 00:47:24 +0000 (20:47 -0400)]
python-cffi: use shutil.which

I was supposed to amend the original patch that added this function,
but somehow I botched that. The original version runs, so make an
extra commit for the tidying.

6 days agoMove from _add_message to _index_file API
Floris Bruynooghe [Sun, 17 Nov 2019 19:24:46 +0000 (20:24 +0100)]
Move from _add_message to _index_file API

This moves away from the deprecated notmuch_database_add_message API
and instead uses the notmuch_database_index_file API.  This means
instroducing a class to manage the index options and bumping the
library version requirement to 5.1.

6 days agoRename package to notmuch2
Floris Bruynooghe [Sun, 17 Nov 2019 16:41:35 +0000 (17:41 +0100)]
Rename package to notmuch2

This is based on a previous discussion on the list where this was more
or less seen as the least-bad option.

6 days agoShow which notmuch command and version is being used
Floris Bruynooghe [Sun, 17 Nov 2019 16:41:34 +0000 (17:41 +0100)]
Show which notmuch command and version is being used

This add the notmuch version and absolute path of the binary used
in the pytest header.  This is nice when running the tests
interactively as you get confirmation you're testing the version you
thought you were testing.

6 days agodebian: add python3 dependencies for the new python bindings
David Bremner [Mon, 4 Nov 2019 10:39:50 +0000 (06:39 -0400)]
debian: add python3 dependencies for the new python bindings

These should generally match those in .travis.yml

6 days agoswitch travis to bionic
David Bremner [Mon, 4 Nov 2019 02:09:45 +0000 (22:09 -0400)]
switch travis to bionic

This should solve the problem with pytest versions. Drop the notmuch
PPA, as (hopefully) we don't need those packages in bionic

6 days agotravis: add python3-{cffi,pytest,setuptools}, libpython3-all-dev
David Bremner [Sun, 3 Nov 2019 18:19:26 +0000 (14:19 -0400)]
travis: add python3-{cffi,pytest,setuptools}, libpython3-all-dev

These are needed for building and testing the new python bindings.

6 days agotests: run python-cffi tests
David Bremner [Sun, 20 Oct 2019 02:10:24 +0000 (23:10 -0300)]
tests: run python-cffi tests

The entire python-cffi test suite is considered as a single test at
the level of the notmuch test suite. This might or might not be ideal,
but it gets them run.

6 days agobuild: optionally build python-cffi bindings
David Bremner [Sun, 20 Oct 2019 01:52:56 +0000 (22:52 -0300)]
build: optionally build python-cffi bindings

Put the build product (and tests) in a well known location so that we
can find them e.g. from the tests.

6 days agoconfigure: check for python cffi and pytest modules
David Bremner [Sun, 3 Nov 2019 14:54:10 +0000 (10:54 -0400)]
configure: check for python cffi and pytest modules

This is needed to build the new python bindings, and run their tests.

6 days agobindings/python-cffi: preserve environment for tests
David Bremner [Sun, 3 Nov 2019 13:10:29 +0000 (09:10 -0400)]
bindings/python-cffi: preserve environment for tests

We'll need this e.g. to pass PATH to the pytest tests

Based on the suggested approach in id:87d0eljggj.fsf@powell.devork.be

6 days agoIntroduce CFFI-based python bindings
Floris Bruynooghe [Tue, 8 Oct 2019 21:03:12 +0000 (23:03 +0200)]
Introduce CFFI-based python bindings

This introduces CFFI-based Python3-only bindings.
The bindings aim at:
- Better performance on pypy
- Easier to use Python-C interface
- More "pythonic"
  - The API should not allow invalid operations
  - Use native object protocol where possible
- Memory safety; whatever you do from python, it should not coredump.

6 days agoemacs: bind M-RET to notmuch-tree-from-search-thread
William Casarin [Wed, 13 Nov 2019 22:57:52 +0000 (14:57 -0800)]
emacs: bind M-RET to notmuch-tree-from-search-thread

This is an unbound function that is quite useful. It opens a selected
thread in notmuch-tree from the current search query.

Signed-off-by: William Casarin <jb55@jb55.com>
6 days agoemacs: A prefix argument kills rather than browsing URLs
David Edmondson [Mon, 2 Dec 2019 10:48:05 +0000 (10:48 +0000)]
emacs: A prefix argument kills rather than browsing URLs

In `notmuch-show', the "B" key (notmuch-show-browse-urls) will kill
the URL if called with a prefix argument rather than browsing
directly.

12 days agoMerge tag 'debian/0.29.3-1'
David Bremner [Wed, 27 Nov 2019 12:45:43 +0000 (08:45 -0400)]
Merge tag 'debian/0.29.3-1'

notmuch release 0.29.3-1 for unstable (sid) [dgit]

[dgit distro=debian no-split --quilt=linear]

12 days agodebian: changelog for 0.29.3 release 0.29.3 archive/debian/0.29.3-1 debian/0.29.3-1
David Bremner [Wed, 27 Nov 2019 12:20:31 +0000 (08:20 -0400)]
debian: changelog for 0.29.3

12 days agomention python 2 changes
David Bremner [Wed, 27 Nov 2019 12:11:53 +0000 (08:11 -0400)]
mention python 2 changes

12 days agoversion: bump to 0.29.3
David Bremner [Wed, 27 Nov 2019 12:06:59 +0000 (08:06 -0400)]
version: bump to 0.29.3

12 days agoNEWS for 0.29.3
David Bremner [Wed, 27 Nov 2019 12:06:15 +0000 (08:06 -0400)]
NEWS for 0.29.3

12 days agonotmuch-dump.c: Fix output file being closed twice
Ralph Seichter [Tue, 23 Jul 2019 20:48:23 +0000 (22:48 +0200)]
notmuch-dump.c: Fix output file being closed twice

Fixed: If the output file for a dump was non-writeable, gzclose_w()
was called twice on the output file handle, resulting in SIGABRT.

(cherry picked from commit 17806ecc955ce0375146ea1df51eae061a72bef8)

12 days agolib: fix memory error in notmuch_config_list_value
David Bremner [Mon, 25 Nov 2019 02:31:34 +0000 (22:31 -0400)]
lib: fix memory error in notmuch_config_list_value

The documentation for notmuch_config_list_key warns that that the
returned value will be destroyed by the next call to
notmuch_config_list_key, but it neglected to mention that calling
notmuch_config_list_value would also destroy it (by calling
notmuch_config_list_key). This is surprising, and caused a use after
free bug in _setup_user_query_fields (first noticed by an OpenBSD
porter, so kudos to the OpenBSD malloc implementation).  This change
fixes that use-after-free bug.

2 weeks agopython: make some docstrings raw
Jakub Wilk [Wed, 20 Nov 2019 10:46:39 +0000 (11:46 +0100)]
python: make some docstrings raw

Fixes:

    notmuch/message.py:57: DeprecationWarning: invalid escape sequence \s
    notmuch/query.py:155: DeprecationWarning: invalid escape sequence \.
    notmuch/messages.py:89: DeprecationWarning: invalid escape sequence \s

with Python >= 3.6.

5 weeks agoMerge tag 'debian/0.29.2-2'
David Bremner [Sun, 3 Nov 2019 12:09:13 +0000 (08:09 -0400)]
Merge tag 'debian/0.29.2-2'

notmuch release 0.29.2-2 for experimental (experimental) [dgit]

[dgit distro=debian no-split --quilt=linear]

5 weeks agodebian upload 0.29.2-2: goodbye python2 support archive/debian/0.29.2-2 debian/0.29.2-2
David Bremner [Sat, 2 Nov 2019 20:33:20 +0000 (17:33 -0300)]
debian upload 0.29.2-2: goodbye python2 support

Convert to pybuild while we are at it.

7 weeks agoMerge tag '0.29.2'
David Bremner [Sun, 20 Oct 2019 01:25:24 +0000 (22:25 -0300)]
Merge tag '0.29.2'

notmuch 0.29.2 release

7 weeks agoupdate NEWS for 0.29.2 0.29.2 archive/debian/0.29.2-1 debian/0.29.2-1
David Bremner [Sat, 19 Oct 2019 10:37:37 +0000 (07:37 -0300)]
update NEWS for 0.29.2

7 weeks agoChangelog stanza for 0.29.2-1
David Bremner [Sat, 19 Oct 2019 10:24:08 +0000 (07:24 -0300)]
Changelog stanza for 0.29.2-1

7 weeks agobump version
David Bremner [Sat, 19 Oct 2019 10:21:53 +0000 (07:21 -0300)]
bump version

8 weeks agoDrop devel/printmimestructure (it is in mailscripts 0.11)
Daniel Kahn Gillmor [Sun, 15 Sep 2019 18:02:03 +0000 (14:02 -0400)]
Drop devel/printmimestructure (it is in mailscripts 0.11)

mailscripts 0.11 now ships a derivative of devel/printmimestructure
called email-print-mime-structure.  Maintenance for that utility will
happen in mailscripts from now on, so we should not track an
independent copy of it in notmuch's source tree.

See https://bugs.debian.org/939993 for more details about the
adoption.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
8 weeks agoMerge branch 'release'
David Bremner [Sun, 13 Oct 2019 12:24:48 +0000 (09:24 -0300)]
Merge branch 'release'

8 weeks agoutil: whitespace cleanup for 4c5b17b1
David Bremner [Sun, 13 Oct 2019 12:18:24 +0000 (09:18 -0300)]
util: whitespace cleanup for 4c5b17b1

Oops. This should make the merge back to master smoother.

8 weeks agoutil: unreference objects referenced by the returned stream obj
David Bremner [Sun, 22 Sep 2019 22:44:01 +0000 (19:44 -0300)]
util: unreference objects referenced by the returned stream obj

We want freeing the returned stream to also free these underlying
objects. Compare tests/test-filters.c in the gmime 3.2.x source, which
uses this same idiom.

Thanks to James Troup for the report and the fix.

8 weeks agotest: known broken test file descriptor leak in gzip file open
David Bremner [Sun, 22 Sep 2019 22:44:00 +0000 (19:44 -0300)]
test: known broken test file descriptor leak in gzip file open

James Troup reported this bug in id:87pnjsf9q5.fsf@canonical.com

2 months agoMerge branch 'release'
David Bremner [Tue, 24 Sep 2019 00:36:01 +0000 (21:36 -0300)]
Merge branch 'release'

2 months agoremove stray ` from NEWS
David Bremner [Tue, 24 Sep 2019 00:34:07 +0000 (21:34 -0300)]
remove stray ` from NEWS

2 months agocli/{show,reply}: use repaired form of "Mixed Up" mangled messages
Daniel Kahn Gillmor [Tue, 28 May 2019 18:46:48 +0000 (14:46 -0400)]
cli/{show,reply}: use repaired form of "Mixed Up" mangled messages

When showing or replying to a message that has been mangled in transit
by an MTA in the "Mixed up" way, notmuch should instead use the
repaired form of the message.

Tracking the repaired GMimeObject for the lifetime of the mime_node so
that it is cleaned up properly is probably the trickiest part of this
patch, but the choices here are based on the idea that the
mime_node_context is the memory manager for the whole mime_node tree
in the first place, so new GMimeObject tree created on-the-fly during
message parsing should be disposed of in the same place.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2 months agoindex: repair "Mixed Up" messages before indexing.
Daniel Kahn Gillmor [Tue, 28 May 2019 18:42:26 +0000 (14:42 -0400)]
index: repair "Mixed Up" messages before indexing.

When encountering a message that has been mangled in the "mixed up"
way by an intermediate MTA, notmuch should instead repair it and index
the repaired form.

When it does this, it also associates the index.repaired=mixedup
property with the message.  If a problem is found with this repair
process, or an improved repair process is proposed later, this should
make it easy for people to reindex the relevant message.  The property
will also hopefully make it easier to diagnose this particular problem
in the future.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2 months agoutil/repair: identify and repair "Mixed Up" mangled messages
Daniel Kahn Gillmor [Tue, 28 May 2019 05:45:12 +0000 (01:45 -0400)]
util/repair: identify and repair "Mixed Up" mangled messages

Implement a functional identification and repair process for "Mixed
Up" MIME messages as described in
https://tools.ietf.org/html/draft-dkg-openpgp-pgpmime-message-mangling-00#section-4.1

The detection test is not entirely complete, in that it does not
verify the contents of the latter two message subparts, but this is
probably safe to skip, because those two parts are unlikely to be
readable anyway, and the only part we are effectively omitting (the
first subpart) is guaranteed to be empty anyway, so its removal can be
reversed if you want to do so.  I've left FIXMEs in the code so that
anyone excited about adding these additional checks can see where to
put them in.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2 months agotest: add test for "Mixed-Up Mime" message mangling
Daniel Kahn Gillmor [Tue, 28 May 2019 02:46:53 +0000 (22:46 -0400)]
test: add test for "Mixed-Up Mime" message mangling

Some MTAs mangle e-mail messages in transit in ways that are
repairable.

Microsoft Exchange (in particular, the version running today on
Office365's mailservers) appears to mangle multipart/encrypted
messages in a way that makes them undecryptable by the recipient.

I've documented this in section 4.1 "Mixed-up encryption" of draft -00
of
https://tools.ietf.org/html/draft-dkg-openpgp-pgpmime-message-mangling

Fortunately, it's possible to repair such a message, and notmuch can
do that so that a user who receives an encrypted message from a user
of office365.com can still decrypt the message.

Enigmail already knows about this particular kind of mangling.  It
describes it as "broken PGP email format probably caused by an old
Exchange server", and it tries to repair by directly changing the
message held by the user.  if this kind of repair goes wrong, the
repair process can cause data loss
(https://sourceforge.net/p/enigmail/bugs/987/, yikes).

The tests introduced here are currently broken.  In subsequent
patches, i'll introduce a non-destructive form of repair for notmuch
so that notmuch users can read mail that has been mangled in this way,
and the tests will succeed.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2 months agoconfigure: disallow whitespace in paths, extend checks to $PWD
Tomi Ollila [Sun, 1 Sep 2019 20:09:46 +0000 (23:09 +0300)]
configure: disallow whitespace in paths, extend checks to $PWD

Whitespace in $NOTMUCH_SRCDIR (and $PWD) may work in builds,
but definitely will not work in tests. It would be difficult
to make tests support whitespace in test filename paths -- and
fragile to maintain if done.

So it is just easier and safer to disallow whitespace there.

In case of out of tree build $NOTMUCH_SRCDIR differs from $PWD
(current directory). Extend this whitespace, and also previously
made unsafe characters check to $PWD too.

3 months agoindex: avoid indexing legacy-display parts
Daniel Kahn Gillmor [Thu, 29 Aug 2019 15:38:53 +0000 (11:38 -0400)]
index: avoid indexing legacy-display parts

When we notice a legacy-display part during indexing, it makes more
sense to avoid indexing it as part of the message body.

Given that the protected subject will already be indexed, there is no
need to index this part at all, so we skip over it.

If this happens during indexing, we set a property on the message:
index.repaired=skip-protected-headers-legacy-display

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
3 months agocli/{show,reply}: skip over legacy-display parts
Daniel Kahn Gillmor [Thu, 29 Aug 2019 15:38:52 +0000 (11:38 -0400)]
cli/{show,reply}: skip over legacy-display parts

Make use of the previous changes to fast-forward past any
legacy-display parts during "notmuch show" and "notmuch reply".

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
3 months agoutil/repair: add _notmuch_repair_crypto_payload_skip_legacy_display
Daniel Kahn Gillmor [Thu, 29 Aug 2019 15:38:51 +0000 (11:38 -0400)]
util/repair: add _notmuch_repair_crypto_payload_skip_legacy_display

This is a utility function designed to make it easier to
"fast-forward" past a legacy-display part associated with a
cryptographic envelope, and show the user the intended message body.

The bulk of the ugliness in here is in the test function
_notmuch_crypto_payload_has_legacy_display, which tests all of the
things we'd expect to be true in a a cryptographic payload that
contains a legacy display part.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
3 months agoutil/crypto: _n_m_crypto_potential_payload returns whether part is the payload
Daniel Kahn Gillmor [Thu, 29 Aug 2019 15:38:50 +0000 (11:38 -0400)]
util/crypto: _n_m_crypto_potential_payload returns whether part is the payload

Our _notmuch_message_crypto_potential_payload implementation could
only return a failure if bad arguments were passed to it.  It is an
internal function, so if that happens it's an entirely internal bug
for notmuch.

It will be more useful for this function to return whether or not the
part is in fact a cryptographic payload, so we dispense with the
status return.

If some future change suggests adding a status return back, there are
only a handful of call sites, and no pressure to retain a stable API,
so it could be changed easily. But for now, go with the simpler
function.

We will use this return value in future patches, to make different
decisions based on whether a part is the cryptographic payload or not.
But for now, we just leave the places where it gets invoked marked
with (void) to show that the result is ignored.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
3 months agoutil/crypto: _n_m_crypto_potential_payload: rename "payload" arg to "part"
Daniel Kahn Gillmor [Thu, 29 Aug 2019 15:38:49 +0000 (11:38 -0400)]
util/crypto: _n_m_crypto_potential_payload: rename "payload" arg to "part"

_notmuch_message_crypto_potential_payload is called on a GMimeObject
while walking the MIME tree of a message to determine whether that
object is the payload.  It doesn't make sense to name the argument
"payload" if it might not be the payload, so we rename it to "part"
for clarity.

This is a non-functional change, just semantic cleanup.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
3 months agotest: avoid showing legacy-display parts
Daniel Kahn Gillmor [Thu, 29 Aug 2019 15:38:48 +0000 (11:38 -0400)]
test: avoid showing legacy-display parts

Enigmail generates a "legacy-display" part when it sends encrypted
mail with a protected Subject: header.  This part is intended to
display the Subject for mail user agents that are capable of
decryption, but do not know how to deal with embedded protected
headers.

This part is the first child of a two-part multipart/mixed
cryptographic payload within a cryptographic envelope that includes
encryption (that is, it is not just a cleartext signed message).  It
uses Content-Type: text/rfc822-headers.

That is:

A └┬╴multipart/encrypted
B  ├─╴application/pgp-encrypted
C  └┬╴application/octet-stream
*   ╤ <decryption>
D   └┬╴multipart/mixed; protected-headers=v1 (cryptographic payload)
E    ├─╴text/rfc822-headers; protected-headers=v1 (legacy-display part)
F    └─╴… (actual message body)

In discussions with jrollins, i've come to the conclusion that a
legacy-display part should be stripped entirely from "notmuch show"
and "notmuch reply" now that these tools can understand and interpret
protected headers.

You can tell when a message part is a protected header part this way:

 * is the payload (D) multipart/mixed with exactly two children?
 * is its first child (E) Content-Type: text/rfc822-headers?
 * does the first child (E) have the property protected-headers=v1?
 * do all the headers in the body of the first child (E) match
   the protected headers in the payload part (D) itself?

If this is the case, and we already know how to deal with the
protected header, then there is no reason to try to render the
legacy-display part itself for the user.

Furthermore, when indexing, if we are indexing properly, we should
avoid indexing the text in E as part of the message body.

'notmuch reply' is an interesting case: the standard use of 'notmuch
reply' will end up omitting all mention of protected Subject:.

The right fix is for the replying MUA to be able to protect its
headers, and for it to set them appropriately based on headers found
in the original message.

If a replying MUA is unable to protect headers, but still wants the
user to be able to see the original header, a replying MUA that
notices that the original message's subject differs from the proposed
reply subject may choose to include the original's subject in the
quoted/attributed text. (this would be a stopgap measure; it's not
even clear that there is user demand for it)

This test suite change indicates what we want to happen for this case
(the tests are currently broken), and includes three additional TODO
suggestions of subtle cases for anyone who wants to flesh out the test
suite even further.  (i believe all these cases should be already
fixed by the rest of this series, but haven't had time to write the
tests for the unusual cases)

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
3 months agorepair: set up codebase for repair functionality
Daniel Kahn Gillmor [Thu, 29 Aug 2019 15:38:47 +0000 (11:38 -0400)]
repair: set up codebase for repair functionality

This adds no functionality directly, but is a useful starting point
for adding new repair functionality.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
3 months agomime-node: split out _mime_node_set_up_part
Daniel Kahn Gillmor [Thu, 29 Aug 2019 15:38:46 +0000 (11:38 -0400)]
mime-node: split out _mime_node_set_up_part

This is a code reorganization that should have no functional effect,
but will make future changes simpler, because a future commit will
reuse the _mime_node_set_up_part functionality without touching
_mime_node_create.

In the course of splitting out this function, I noticed a comment in
the codebase that referred to an older name of _mime_node_create
(message_part_create), where this functionality originally resided.
I've fixed that comment to refer to the new function instead.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
3 months agoconfigure: fix out of tree build; check unsafe characters in srcdir
Tomi Ollila [Mon, 26 Aug 2019 17:03:46 +0000 (20:03 +0300)]
configure: fix out of tree build; check unsafe characters in srcdir

While check for GMime session key extraction support... was made
out of tree build compatible, related (and some unrelated) unsafe
characters are now checked in notmuch source directory path.

The known unsafe characters in NOTMUCH_SRCDIR are:

- Single quote (') -- NOTMUCH_SRCDIR='${NOTMUCH_SRCDIR}'
  is written to sh.config in configure line 1328.

- Double quote (") -- configure line 521 *now* writes "$srcdir"
  into generated c source file ($NOTMUCH_SRCDIR includes $srcdir).

- Backslash (\) could also be problematic in configure line 521.

- The added $ and ` are potentially unsafe -- inside double quotes
  in shell script those have special meaning.

  Other characters don't expand inside double quoted strings.

4 months agonotmuch-dump.c: Fix output file being closed twice
Ralph Seichter [Tue, 23 Jul 2019 20:48:23 +0000 (22:48 +0200)]
notmuch-dump.c: Fix output file being closed twice

Fixed: If the output file for a dump was non-writeable, gzclose_w()
was called twice on the output file handle, resulting in SIGABRT.

4 months agoMerge branch 'release'
David Bremner [Sun, 21 Jul 2019 19:15:19 +0000 (16:15 -0300)]
Merge branch 'release'

Debian upload 0.29.1-2

4 months agoMerge branch 'debian/unstable' into release
David Bremner [Sun, 21 Jul 2019 19:06:41 +0000 (16:06 -0300)]
Merge branch 'debian/unstable' into release

4 months agodebian: Changelog for re-upload to unstable debian/unstable archive/debian/0.29.1-2 debian/0.29.1-2
David Bremner [Sun, 21 Jul 2019 14:49:38 +0000 (11:49 -0300)]
debian: Changelog for re-upload to unstable

5 months agotest: aggregate-results.sh: count test files where all tests skipped
Tomi Ollila [Sat, 15 Jun 2019 14:28:44 +0000 (17:28 +0300)]
test: aggregate-results.sh: count test files where all tests skipped

Previously, when all tests were skipped on a test file, there were
no indication of this in the final results aggregate-results.sh
printed.
Now count of the files where all tests were skipped is printed.

5 months agonotmuch-show: run uncrustify
Daniel Kahn Gillmor [Wed, 3 Jul 2019 04:31:19 +0000 (00:31 -0400)]
notmuch-show: run uncrustify

This is the result of running:

    $ uncrustify --replace --config devel/uncrustify.cfg *.c *.h

In the top level source directory.  I was using uncrustify
0.68.1+dfsg1-2.

I do not know why these changes were not caught in
33382c2b5ba2537952a60ea378feff36961e4713

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
5 months agotest: run uncrustify
Daniel Kahn Gillmor [Tue, 25 Jun 2019 17:55:45 +0000 (13:55 -0400)]
test: run uncrustify

This is the result of running:

    $ uncrustify --replace --config ../devel/uncrustify.cfg *.cc *.c *.h

in the test directory.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
5 months agotest: replace use of gdb with LD_PRELOAD shims in T070-insert.sh
David Bremner [Wed, 26 Jun 2019 16:23:37 +0000 (12:23 -0400)]
test: replace use of gdb with LD_PRELOAD shims in T070-insert.sh

This removes the dependency of this test script on gdb, and
considerably speeds up the running of the tests.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
5 months agotest: provide machinery to make and use test_shims
David Bremner [Wed, 26 Jun 2019 16:23:36 +0000 (12:23 -0400)]
test: provide machinery to make and use test_shims

These can be used e.g. to override return values for functions, in
place of the existing scripting of gdb.

This prepends to LD_PRELOAD rather than clobbering it, thanks to a
suggestion from Tomi Ollila.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
5 months agoemacs: add keywords to notmuch-emacs-mua.desktop
Daniel Kahn Gillmor [Mon, 10 Jun 2019 01:44:39 +0000 (04:44 +0300)]
emacs: add keywords to notmuch-emacs-mua.desktop

Debian's lintian has an informational alert
desktop-entry-lacks-keywords-entry, which recommends including
Keywords= in a .desktop file.

I dug around a bit in /usr/share/applications/*.desktop to make sure
that we covered the range of keywords other e-mail applications are
using.  If anyone has other suggestions for keywords, they can add
them to this list.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
5 months agoMerge branch 'release'
David Bremner [Mon, 17 Jun 2019 05:07:45 +0000 (07:07 +0200)]
Merge branch 'release'

5 months agoconfigure: fix mktemp call for macOS
Ralph Seichter [Sun, 16 Jun 2019 15:18:47 +0000 (17:18 +0200)]
configure: fix mktemp call for macOS

Add missing template to mktemp, as required by macOS / OS X.

Signed-off-by: Ralph Seichter <abbot@monksofcool.net>
5 months agolib: run uncrustify
uncrustify [Thu, 13 Jun 2019 10:55:35 +0000 (07:55 -0300)]
lib: run uncrustify

This is the result of running

     $ uncrustify --replace --config ../devel/uncrustify.cfg *.c *.h *.cc

in the lib directory

5 months agoparse-time-string: run uncrustify
uncrustify [Thu, 13 Jun 2019 10:35:36 +0000 (07:35 -0300)]
parse-time-string: run uncrustify

This is the result of running

     $ uncrustify --replace --config ../devel/uncrustify.cfg *.c *.h

in the parse-time-string directory

5 months agocompat: run uncrustify
uncrustify [Thu, 13 Jun 2019 10:34:25 +0000 (07:34 -0300)]
compat: run uncrustify

This is the result of running

     $ uncrustify --replace --config ../devel/uncrustify.cfg *.c *.h

in the compat directory

5 months agoutil: run uncrustify
uncrustify [Thu, 13 Jun 2019 10:33:13 +0000 (07:33 -0300)]
util: run uncrustify

This is the result of running

     $ uncrustify --replace --config ../devel/uncrustify.cfg *.c *.h

in the util directory

5 months agocli: run uncrustify
uncrustify [Thu, 13 Jun 2019 10:31:01 +0000 (07:31 -0300)]
cli: run uncrustify

This is the result of running

     $ uncrustify --replace --config devel/uncrustify.cfg *.c *.h

in the top level source directory

5 months agoCLI: replace some constructs with more uncrustify friendly ones
David Bremner [Wed, 12 Jun 2019 22:47:20 +0000 (19:47 -0300)]
CLI: replace some constructs with more uncrustify friendly ones

In particular
   - use (bool) instead of !!
   - cuddle the opening parens of function calls
   - add parens in some ternery operators

5 months agouncrustify: indent classes
David Bremner [Thu, 13 Jun 2019 10:50:44 +0000 (07:50 -0300)]
uncrustify: indent classes

With previous settings member functions / variables are moved to
column 0.

5 months agoSTYLE: document rules for calls, block comments, ternary ops
David Bremner [Wed, 12 Jun 2019 22:49:13 +0000 (19:49 -0300)]
STYLE: document rules for calls, block comments, ternary ops

5 months agocli: partial whitespace cleanup in notmuch-config.c
David Bremner [Fri, 14 Jun 2019 10:32:22 +0000 (07:32 -0300)]
cli: partial whitespace cleanup in notmuch-config.c

This avoids spurious tab to space conversion by uncrustify

5 months agobuild: drop variable HAVE_EMACS. use WITH_EMACS instead
David Bremner [Wed, 12 Jun 2019 00:12:38 +0000 (21:12 -0300)]
build: drop variable HAVE_EMACS. use WITH_EMACS instead

The extra flexibility of having both HAVE_EMACS (for yes, there is an
emacs we can use) and WITH_EMACS (the user wants emacs support) lead
to confusion and bugs. We now just force WITH_EMACS to 0 if no
suitable emacs is detected.

5 months agoMerge branch 'release'
David Bremner [Tue, 11 Jun 2019 23:41:35 +0000 (20:41 -0300)]
Merge branch 'release'

5 months agodebian: changelog for 0.29.1-1 0.29.1 archive/debian/0.29.1-1 debian/0.29.1-1
David Bremner [Tue, 11 Jun 2019 23:16:48 +0000 (20:16 -0300)]
debian: changelog for 0.29.1-1

5 months agoNEWS: news for 0.29.1
David Bremner [Tue, 11 Jun 2019 23:15:04 +0000 (20:15 -0300)]
NEWS: news for 0.29.1

5 months agoversion: bump to 0.29.1
David Bremner [Tue, 11 Jun 2019 23:11:45 +0000 (20:11 -0300)]
version: bump to 0.29.1

5 months agoappend _unused to the expression defined using unused() macro
Tomi Ollila [Thu, 30 May 2019 19:56:14 +0000 (22:56 +0300)]
append _unused to the expression defined using unused() macro

This way if variables defined using unused() macro are actually
used then code will not compile...

- removed unused usage around one argc and one argv since those
  were used

- changed one unused (char *argv[]) to unused (char **argv) to
  work with modified unused() macro definition

5 months agodebian: Add appropriate substitution variables to debian/control
Daniel Kahn Gillmor [Mon, 10 Jun 2019 01:22:51 +0000 (04:22 +0300)]
debian: Add appropriate substitution variables to debian/control

Without this change, dh_gencontrol emits:

dpkg-gencontrol: warning: package python-notmuch: substitution variable ${python:Provides} unused, but is defined
dpkg-gencontrol: warning: package python-notmuch: substitution variable ${python:Versions} unused, but is defined
dpkg-gencontrol: warning: package notmuch-mutt: substitution variable ${perl:Depends} unused, but is defined

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
5 months agodebian: bump Standards-Version to 4.3.0 (no changes needed)
Daniel Kahn Gillmor [Mon, 10 Jun 2019 01:22:50 +0000 (04:22 +0300)]
debian: bump Standards-Version to 4.3.0 (no changes needed)

/usr/share/doc/debian-policy/upgrading-checklist.txt.gz suggests that
notmuch is already compliant with debian-policy 4.3.0.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthorseman.net>
5 months agofix misspelling
Daniel Kahn Gillmor [Mon, 10 Jun 2019 01:25:26 +0000 (04:25 +0300)]
fix misspelling

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
5 months agodebian: enable build hardening features
Daniel Kahn Gillmor [Mon, 10 Jun 2019 01:35:03 +0000 (04:35 +0300)]
debian: enable build hardening features

Debian's build hardening toolchain options produce binary artifacts
that are more resistant to compromise.  The most visible change for
notmuch today is likely to be the addition of the "bindnow" linker
flag, which contributes to making the "Global Offset Table" fully
read-only.

See https://wiki.debian.org/Hardening for more details.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
5 months agotest: aggregate-results.sh: consistent style. zero forks.
Tomi Ollila [Mon, 10 Jun 2019 18:39:23 +0000 (21:39 +0300)]
test: aggregate-results.sh: consistent style. zero forks.

- all variables in $((...)) without leading $
- all comparisons use -gt, -eq or -ne
- no -a nor -o inside [ ... ] expressions
- all indentation levels using one tab

Dropped unnecessary empty string check when reading results files.

Replaced pluralize() which was executed in subshell with
pluralize_s(). pluralize_s sets $s to 's' or '' based on value of
$1. Calls to pluralize_s are done in context of current shell, so
no forks to subshells executed.

5 months agodoc: Don't install emacs docs when they are not built
David Bremner [Mon, 10 Jun 2019 10:11:50 +0000 (07:11 -0300)]
doc: Don't install emacs docs when they are not built

In 40b025 we stopped building the notmuch-emacs documentation if
HAVE_EMACS=0 (i.e. no emacs was detected by configure). Unfortunately
we continued to try to install the (non-existent) documentation, which
causes build/install failures.

As a bonus, we also avoid installing the documentation if the user
configures --without-emacs.

Thanks to Ralph Seichter for reporting the problem, and testing
previous versions of this fix.

5 months agodoc: don't build notmuch-emacs.info for configure --without-emacs
David Bremner [Tue, 11 Jun 2019 00:06:57 +0000 (21:06 -0300)]
doc: don't build notmuch-emacs.info for configure --without-emacs

Since the docstrings are not built in the case of --without-emacs,
even if emacs is detected, don't let sphinx build the emacs docs. This
avoids a large number of error messages due to missing includes. It's
actually a bit surprising sphinx doesn't generate an error for the
missing include files.

6 months agotest: signature verification during decryption (session keys)
Daniel Kahn Gillmor [Thu, 30 May 2019 00:09:44 +0000 (20:09 -0400)]
test: signature verification during decryption (session keys)

When the user knows the signer's key, we want "notmuch show" to be
able to verify the signature of an encrypted and signed message
regardless of whether we are using a stashed session key or not.

I wrote this test because I was surprised to see signature
verification failing when viewing some encrypted messages after
upgrading to GPGME 1.13.0-1 in debian experimental.

The added tests here all pass with GPGME 1.12.0, but the final test
fails with 1.13.0, due to some buggy updates to GPGME upstream: see
https://dev.gnupg.org/T3464 for more details.

While the bug needs to be fixed in GPGME, notmuch's test suite needs
to make sure that GMime is doing what we expect it to do; i was a bit
surprised that it hadn't caught the problem, hence this patch.

I've fixed this bug in debian experimental with gpgme 1.13.0-2, so the
tests should pass on any debian system.  I've also fixed it in the
gpgme packages (1.13.0-2~ppa1) in the ubuntu xenial PPA
(ppa:notmuch/notmuch) that notmuch uses for Travis CI.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
6 months agoperf-tests: #!/bin/bash -> #!/usr/bin/env bash
William Casarin [Fri, 31 May 2019 18:32:50 +0000 (11:32 -0700)]
perf-tests: #!/bin/bash -> #!/usr/bin/env bash

I couldn't run the performance tests on my machines due to a hardcoded
bash path. Use env for finding bash in weird systems like NixOS.

Signed-off-by: William Casarin <jb55@jb55.com>
6 months agodebian: fix desktop install archive/debian/0.29-2 debian/0.29-2
David Bremner [Fri, 7 Jun 2019 10:06:22 +0000 (07:06 -0300)]
debian: fix desktop install

Previous version expected full upstream install to be run, and also
caused lintian whine about the the desktop file being in a different
package than the script. I'm not sure they shouldn't both be in
elpa-notmuch, but I can see how they should be together.

6 months agodebian: install desktop file 0.29 debian/0.29-1
David Bremner [Fri, 7 Jun 2019 00:35:28 +0000 (21:35 -0300)]
debian: install desktop file

6 months agoNEWS: set release date for 0.29
David Bremner [Fri, 7 Jun 2019 00:29:45 +0000 (21:29 -0300)]
NEWS: set release date for 0.29

6 months agoversion: bump to 0.29
David Bremner [Fri, 7 Jun 2019 00:27:35 +0000 (21:27 -0300)]
version: bump to 0.29

6 months agodebian: start changelog for 0.29-1
David Bremner [Fri, 7 Jun 2019 00:23:29 +0000 (21:23 -0300)]
debian: start changelog for 0.29-1

6 months agodebian: install logo
David Bremner [Fri, 7 Jun 2019 00:14:48 +0000 (21:14 -0300)]
debian: install logo

Thanks to Tim Retout for the patch

6 months agoNEWS: add Emacs front end changes by various people.
David Bremner [Wed, 5 Jun 2019 23:46:01 +0000 (20:46 -0300)]
NEWS: add Emacs front end changes by various people.

These are most of the remaining emacs related chagnes.

6 months agoNEWS: add a note about protected headers
Daniel Kahn Gillmor [Wed, 29 May 2019 19:13:21 +0000 (15:13 -0400)]
NEWS: add a note about protected headers

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>